Issue 124053: Bug 763 : domita_test.js canonInnerHtml may be subverted

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 124053: Bug 763 : domita_test.js canonInnerHtml may be subverted (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
16 years, 8 months ago by MikeSamuel

Modified:
16 years, 8 months ago

Reviewers:
metaweta

CC:
google-caja-discuss_googlegroups.com

Base URL:
http://google-caja.googlecode.com/svn/trunk/

Visibility:
Public.

Description

From http://code.google.com/p/google-caja/issues/detail?id=763 : (Originally found by Mike Stay.) The regex in domita_test.js canonInnerHtml that says: new RegExp('(<\\w+)\\s+([^\\s>][^>]*)>', 'g'), does not match the case where there are angle brackets *inside* an attribute, as in: <div id=">"> It seems that some browsers may get weird with escaping angle brackets (though Firefox 3 does the safe thing); see: http://groups.google.com/group/opera.beta/msg/32380d8ca64c3096 In any case, maybe worth a look to make sure we don't get spuriously failing or (worse) succeeding tests when regressing on multiple browsers. Submitted @3761

Patch Set 1 #

Created: 16 years, 8 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+6 lines, -5 lines)			Patch
	M	tests/com/google/caja/plugin/domita_test_untrusted.html	View		2 chunks	+6 lines, -5 lines	0 comments	Download

Messages

Total messages: 2

Expand All Messages | Collapse All Messages

On 2009/09/26 02:56:42, MikeSamuel wrote:
> 

lgtm

Expand All Messages | Collapse All Messages