sanitize the bad codeserver name before outputting the error message for security
Review at http://gwt-code-reviews.appspot.com/1483804
Review by: cromwellian@google.com
git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@10458 8db76d5a-ed1c-0410-87a9-c151d255dfc7
diff --git a/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js b/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
index 9b415a3..1a9d9f0 100644
--- a/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
+++ b/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
@@ -314,12 +314,20 @@
if ($errFn) {
$errFn($moduleName);
} else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " + codeServer,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " +
+ simpleEscape(codeServer),
"Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM");
}
}
+function simpleEscape(originalString) {
+ return originalString.replace("&","&")
+ .replace("<","<")
+ .replace(">",">")
+ .replace("\"",""");
+}
+
function tryConnectingToPlugin(sessionId, url) {
// Note that the order is important
var pluginFinders = [findPluginXPCOM, findPluginObject, findPluginEmbed];
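Review bot: `simpleEscape`, added in this hunk and duplicated in hosted.html, passes string patterns to `replace`, which in JavaScript substitutes only the first occurrence, so a second `<`, `>`, `&` or `"` in the code server name still reaches `__gwt_displayGlassMessage` unescaped. Use global regexes with `&` handled first, for example `.replace(/&/g, "&amp;")` followed by `.replace(/</g, "&lt;")`, and likewise for `>` and `"`. The replacement strings as shown on this page are identity mappings (`"&","&"`) and the last one is not valid syntax, which looks like the page decoding the entities; confirm the committed file holds the `&amp;`/`&lt;`/`&gt;`/`&quot;` forms. Whether `'` also needs escaping depends on how the glass message inserts the text, which is outside the hunk. A short comment on the helper stating that it is HTML-text escaping for the glass message, for example `// Escapes &, <, > and " so the server name is rendered as text, not markup`, would make the intent clear in both copies.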
diff --git a/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html b/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html
index 1c49f53..f6c5d82 100644
--- a/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html
+++ b/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html
@@ -295,7 +295,8 @@
if (errFn) {
errFn(modName);
} else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " + $hosted,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " +
+ simpleEscape($hosted),
"Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM");
}
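Review bot: The new call `simpleEscape($hosted)` invokes a string method on the value, where the old concatenation accepted any type. If `$hosted` can be unset or non-string when the connection fails (not determinable from this hunk), the error path would throw before the glass message and the troubleshooting iframe are shown. Coercing inside the helper, `return String(originalString).replace(...)`, keeps the failure path robust for both callers, including `simpleEscape(codeServer)` in devmode.js. The enclosing function starts and ends outside the hunk.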
@@ -303,6 +304,13 @@
}
}
+function simpleEscape(originalString) {
+ return originalString.replace("&","&")
+ .replace("<","<")
+ .replace(">",">")
+ .replace("\"",""");
+}
+
window.onunload = function() {
};