Reviewers: cromwellian,

Description:
Escape the bad code server name before including it in the error message, so a
crafted value cannot inject markup (security fix).


Please review this at http://gwt-code-reviews.appspot.com/1483804/

Affected files:
  M dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
  M dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html


Index: dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
===================================================================
--- dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js (revision 10456)
+++ dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js (working copy)
@@ -314,10 +314,18 @@
   if ($errFn) {
     $errFn($moduleName);
   } else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " + codeServer,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " +
+        simpleEscape(codeServer),
         "Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM";);
   }
+}
+
+function simpleEscape(originalString) {
+  return originalString.replace("&","&")
+    .replace("<","&lt;")
+    .replace(">","&gt;")
+    .replace("\"","&quot;");
 }

 function tryConnectingToPlugin(sessionId, url) {
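Review bot: simpleEscape (L29-L34) only neutralises the first occurrence of each character, because String.prototype.replace with a string pattern replaces a single match; a codeServer value such as `x<b><script>…` keeps its second `<` intact, so the escaping this change promises does not hold against a crafted value. Global regexes fix that and are the portable form for code of this vintage (no replaceAll). As rendered here the first call reads `.replace("&","&")`, which is a no-op — if that is not a mail-rendering artifact it should be `"&amp;"` as in the hosted.html copy, and it must stay first so the entities produced by the later calls are not double-escaped. The old concatenation tolerated an undefined codeServer where `.replace` would throw, so coercing with `String(...)` keeps the error path from failing before the glass message is shown. The function that the added `+}` at L27 closes begins before this hunk.
```javascript
// Escape the characters that can break out of text content or a
// double-quoted attribute; '&' goes first so later entities are not re-escaped.
function simpleEscape(originalString) {
  return String(originalString).replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}
```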
Index: dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html
===================================================================
--- dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html (revision 10456)
+++ dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html (working copy)
@@ -295,12 +295,20 @@
       if (errFn) {
         errFn(modName);
       } else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " + $hosted,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development Mode server at " +
+            simpleEscape($hosted),
             "Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM";);
       }
     }
   }
+}
+
+function simpleEscape(originalString) {
+  return originalString.replace("&","&amp;")
+    .replace("<","&lt;")
+    .replace(">","&gt;")
+    .replace("\"","&quot;");
 }

 window.onunload = function() {
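Review bot: simpleEscape (L53-L58) escapes only the first `&`, `<`, `>` and `"` in $hosted, because String.prototype.replace with a string pattern stops after one match, so a value carrying two angle brackets still reaches __gwt_displayGlassMessage with live markup. Use global regexes and coerce the argument, since the concatenation this replaces tolerated an undefined $hosted where `.replace` throws: `return String(originalString).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");`. Whether the single quote also needs escaping depends on how __gwt_displayGlassMessage inserts the text, which is not visible here; if it goes through innerHTML, adding `.replace(/'/g, "&#39;")` is cheap insurance. The function closed by the added `+}` at L51 begins before this hunk.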

