Modified: trunk/Tools/ChangeLog (279093 => 279094)
--- trunk/Tools/ChangeLog 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/ChangeLog 2021-06-22 00:40:48 UTC (rev 279094)
@@ -1,3 +1,23 @@
+2021-06-21 Jonathan Bedard <jbed...@apple.com>
+
+ [results.webkit.org] XSS vulnerability in test name
+ https://bugs.webkit.org/show_bug.cgi?id=227235
+ <rdar://problem/77851775>
+
+ Reviewed by Alexey Proskuryakov.
+
+ * Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py: Bump version.
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/archiveRouter.js:
+ (_ArchiveRouter.prototype.labelFor): Escape any HTML in a potential label.
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/common.js:
+ (escapeHTML): If an object is undefined, don't attempt to escape it.
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/configuration.js:
+ (Configuration.prototype.toString): Escape configuration parameters.
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/investigate.html:
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html:
+ * Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/suite_results.html:
+ * Scripts/libraries/resultsdbpy/setup.py:
+
2021-06-21 Kate Cheney <katherine_che...@apple.com>
Migrate App Privacy Report code from WebKitAdditions
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/__init__.py 2021-06-22 00:40:48 UTC (rev 279094)
@@ -44,7 +44,7 @@
"Please install webkitcorepy with `pip install webkitcorepy --extra-index-url <package index URL>`"
)
-version = Version(3, 0, 0)
+version = Version(3, 0, 1)
import webkitflaskpy
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/archiveRouter.js (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/archiveRouter.js 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/archiveRouter.js 2021-06-22 00:40:48 UTC (rev 279094)
@@ -21,6 +21,8 @@
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
// THE POSSIBILITY OF SUCH DAMAGE.
+import {escapeHTML} from '/assets/js/common.js';
+
class _ArchiveRouter {
constructor() {
this.routes = {};
@@ -71,7 +73,7 @@
if (!this.hasArchive(suite))
return null;
- return this._determineArgumentFromAncestry('label', 'Result archive', suite, mode);
+ return escapeHTML(this._determineArgumentFromAncestry('label', 'Result archive', suite, mode));
}
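Review bot: Escaping inside `labelFor` on L52 moves HTML encoding into a data accessor rather than the rendering sink, so any caller that assigns the label to `textContent`, sets it as an attribute through the DOM API, or compares it against the raw label will see `&amp;`/`&lt;` entities or double-encoding. The safer shape is to keep `return this._determineArgumentFromAncestry('label', 'Result archive', suite, mode);` and wrap the call with `escapeHTML(...)` where the label is interpolated into markup; if every caller really is an `innerHTML` template literal, a comment such as `// Returns an HTML-escaped label: only interpolate into markup, never assign to textContent.` would at least record the contract. The `null` path on L50 is unaffected, since `escapeHTML` passes falsy values through. The `labelFor` signature is above the hunk.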
};
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/common.js (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/common.js 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/common.js 2021-06-22 00:40:48 UTC (rev 279094)
@@ -119,6 +119,8 @@
// Based on <https://stackoverflow.com/questions/6234773/can-i-escape-html-special-chars-in-_javascript_>
function escapeHTML(text) {
+ if (!text)
+ return text;
return text.replace(/[&<>"'\n]/g, function(character) {
switch (character) {
case '&':
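Review bot: The new guard `if (!text) return text;` on L61-L62 only handles falsy values; a truthy non-string argument (a number, or an object that arrives in a JSON payload) still throws on `.replace`. Since this helper is now the XSS boundary for values coming back from the results API, it is worth making it total: `if (text == null) return text;` followed by `return String(text).replace(/[&<>"'\n]/g, function(character) {`. A one-line doc comment would also help the next caller: `// Escape a value for interpolation into an HTML template literal; null/undefined pass through unchanged.` The `switch` body continues below the hunk.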
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/configuration.js (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/configuration.js 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/static/js/configuration.js 2021-06-22 00:40:48 UTC (rev 279094)
@@ -21,7 +21,7 @@
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
// THE POSSIBILITY OF SUCH DAMAGE.
-import {queryToParams} from '/assets/js/common.js';
+import {queryToParams, escapeHTML} from '/assets/js/common.js';
// These are flipped delibrately, it makes the fromQuery function return configurations in an
// intuitive order.
@@ -186,7 +186,7 @@
result += ' (' + this.sdk + ')';
if (result)
- return result.substr(1);
+ return escapeHTML(result.substr(1));
return 'All';
}
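Review bot: Applying `escapeHTML` inside `Configuration.prototype.toString` on L80 changes the string every caller receives, not only the HTML sinks, and the `'All'` fallback on L81 is returned unescaped while the built string is, so the method now yields mixed representations. Anything that uses `toString()` for `textContent` or `<option>` labels, for equality comparison, or for building query strings would see `&amp;`/`&#39;`-style entities; I cannot see the callers from this hunk, so this is a point to check rather than a confirmed bug. A dedicated accessor such as `toHTML() { return escapeHTML(this.toString()); }` keeps the raw value available and makes the escaped one explicit at the sink. The method signature and the construction of `result` are above the hunk.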
compare(configuration) {
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/investigate.html (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/investigate.html 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/investigate.html 2021-06-22 00:40:48 UTC (rev 279094)
@@ -30,7 +30,7 @@
<script type="module">
import {ArchiveRouter} from '/assets/js/archiveRouter.js';
import {CommitBank} from '/assets/js/commit.js';
-import {ErrorDisplay, QueryModifier, paramsToQuery, queryToParams, percentage, elapsedTime} from '/assets/js/common.js';
+import {ErrorDisplay, QueryModifier, paramsToQuery, queryToParams, percentage, elapsedTime, escapeHTML} from '/assets/js/common.js';
import {Configuration} from '/assets/js/configuration.js';
import {Expectations} from '/assets/js/expectations.js';
import {Drawer, BranchSelector, ConfigurationSelectors} from '/assets/js/drawer.js';
@@ -262,7 +262,7 @@
<div class="tiny text" style="font-weight: normal;margin-top: 0px">${Expectations.symbolMap[type]}</div>
</div>
<a class="text block" style="width: calc(100% - var(--mediumSize) - 16px); overflow: hidden; white-space: nowrap; text-overflow: ellipsis;" href="" target="_blank">
- ${test}
+ ${escapeHTML(test)}
</a>
</div>`;
}).join('');
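Review bot: `escapeHTML(test)` on L101 covers the anchor's text node, but the same test name is presumably what fills in the empty `href=""` on L99 later, and for that context the right encoding is `encodeURIComponent`, not HTML escaping — an HTML-escaped value in a URL produces broken links, and an unencoded one lets the name alter the URL's path or query. I cannot see where the href is assigned, so this is worth confirming rather than a defect I can point to. The `target="_blank"` link would also conventionally carry `rel="noopener noreferrer"` when it points at an external archive. The enclosing `map` callback starts and ends outside the hunk.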
@@ -392,7 +392,7 @@
toString() {
return `<div class="section" ref="${this.ref}">
<div class="header row">
- <div class="col-s-4 title">${this.suite}</div>
+ <div class="col-s-4 title">${escapeHTML(this.suite)}</div>
<div class="col-s-8">
<div class="input">
<select required ref="${this.selectConfigurations}"></select>
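Review bot: The `<select>` on L113 is populated outside this hunk, and if its options are built from `Configuration.prototype.toString()` — which this same change makes return HTML-escaped text — then inserting them via `option.textContent` or `new Option(...)` will double-encode names containing `&`, `<` or `'`, while inserting via `innerHTML` will be correct. I cannot see the population code, so please confirm which path it takes; a comment on the select such as `<!-- options are rendered via innerHTML; Configuration.toString() is already HTML-escaped -->` would record the assumption. The `escapeHTML(this.suite)` on L110 itself looks right for a text-node context. The `toString` method continues below the hunk.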
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/search.html 2021-06-22 00:40:48 UTC (rev 279094)
@@ -31,7 +31,7 @@
<script type="module">
import {CommitBank} from '/assets/js/commit.js';
-import {deepCompare, ErrorDisplay, queryToParams, paramsToQuery} from '/assets/js/common.js';
+import {deepCompare, ErrorDisplay, queryToParams, paramsToQuery, escapeHTML} from '/assets/js/common.js';
import {Configuration} from '/assets/js/configuration.js';
import {Drawer, BranchSelector, ConfigurationSelectors, LimitSlider, CommitRepresentation} from '/assets/js/drawer.js';
import {InvestigateDrawer} from '/assets/js/investigate.js';
@@ -117,7 +117,7 @@
return `<div class="section">
<div class="header">
- <div class="title" style="font-size:var(--smallSize);word-break:break-word;">${child.test} (${child.suite})</div>
+ <div class="title" style="font-size:var(--smallSize);word-break:break-word;">${escapeHTML(child.test)} (${escapeHTML(child.suite)})</div>
<div class="actions">
<div class="list">
<a class="item link-button" ref="${exitRef}">X</a>
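Review bot: Escaping each interpolation individually, as on L129, is easy to miss for the next `${...}` someone adds to these template literals, and the pattern does not distinguish trusted values (the `${exitRef}` on L132) from untrusted ones. A small tagged template in common.js, e.g. `const html = (strings, ...values) => strings.reduce((out, s, i) => out + s + (i < values.length ? escapeHTML(values[i]) : ''), '');`, used as a tag on these literals, would make escaping the default and require an explicit raw-marker for pre-rendered fragments. This is a structural suggestion, not a defect in the lines changed here. The enclosing function starts and ends outside the hunk.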
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/suite_results.html (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/suite_results.html 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/resultsdbpy/view/templates/suite_results.html 2021-06-22 00:40:48 UTC (rev 279094)
@@ -31,7 +31,7 @@
<script type="module">
import {CommitBank} from '/assets/js/commit.js';
-import {deepCompare, ErrorDisplay, queryToParams, paramsToQuery} from '/assets/js/common.js';
+import {deepCompare, ErrorDisplay, queryToParams, paramsToQuery, escapeHTML} from '/assets/js/common.js';
import {Configuration} from '/assets/js/configuration.js';
import {Drawer, BranchSelector, ConfigurationSelectors, LimitSlider, CommitRepresentation} from '/assets/js/drawer.js';
import {InvestigateDrawer} from '/assets/js/investigate.js';
@@ -149,7 +149,7 @@
return suites.map(suite => {
return `<div class="section">
<div class="header">
- <div class="title">${suite}</div>
+ <div class="title">${escapeHTML(suite)}</div>
</div>
${children[suite]}
</div><br>`;
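Review bot: `${children[suite]}` on L151 is interpolated raw, so this section is only as safe as whatever built `children` having escaped the test names inside it, and that construction is not visible here. Because `suite` is untrusted and `children` is presumably a plain object, a suite named `constructor` or `__proto__` would resolve to an `Object.prototype` member and stringify that into the page instead of reporting a missing entry; building `children` with `Object.create(null)` or a `Map` and looking up with `children.get(suite)` closes that. A comment such as `// children[suite] is pre-rendered HTML; its test names must already be escaped` would make the contract explicit. The `map` callback continues below the hunk.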
Modified: trunk/Tools/Scripts/libraries/resultsdbpy/setup.py (279093 => 279094)
--- trunk/Tools/Scripts/libraries/resultsdbpy/setup.py 2021-06-22 00:22:44 UTC (rev 279093)
+++ trunk/Tools/Scripts/libraries/resultsdbpy/setup.py 2021-06-22 00:40:48 UTC (rev 279094)
@@ -30,7 +30,7 @@
setup(
name='resultsdbpy',
- version='3.0.0',
+ version='3.0.1',
description='Library for visualizing, processing and storing test results.',
long_description=readme(),
classifiers=[