Title: [251339] branches/safari-608-branch/Source/WebCore
- Revision: 251339
- Author: bshaf...@apple.com
- Date: 2019-10-20 10:32:54 -0700 (Sun, 20 Oct 2019)
Log Message
Cherry-pick r250716. rdar://problem/56280993
AppleTV named as XSS-payloads trigger when AirPlay is used
https://bugs.webkit.org/show_bug.cgi?id=202534
<rdar://55931262>
Reviewed by Eric Carlson.
Ensure we escape an AirPlay's device name before inserting its name into the DOM.
* Modules/modern-media-controls/media/placard-support.js:
(PlacardSupport.prototype._updateAirPlayPlacard):
(PlacardSupport):
(escapeHTML):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250716 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-608-branch/Source/WebCore/ChangeLog (251338 => 251339)
--- branches/safari-608-branch/Source/WebCore/ChangeLog 2019-10-20 17:32:51 UTC (rev 251338)
+++ branches/safari-608-branch/Source/WebCore/ChangeLog 2019-10-20 17:32:54 UTC (rev 251339)
@@ -1,5 +1,39 @@
2019-10-15 Kocsen Chung <kocsen_ch...@apple.com>
+ Cherry-pick r250716. rdar://problem/56280993
+
+ AppleTV named as XSS-payloads trigger when AirPlay is used
+ https://bugs.webkit.org/show_bug.cgi?id=202534
+ <rdar://55931262>
+
+ Reviewed by Eric Carlson.
+
+ Ensure we escape an AirPlay's device name before inserting its name into the DOM.
+
+ * Modules/modern-media-controls/media/placard-support.js:
+ (PlacardSupport.prototype._updateAirPlayPlacard):
+ (PlacardSupport):
+ (escapeHTML):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250716 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-10-03 Antoine Quint <grao...@apple.com>
+
+ AppleTV named as XSS-payloads trigger when AirPlay is used
+ https://bugs.webkit.org/show_bug.cgi?id=202534
+ <rdar://55931262>
+
+ Reviewed by Eric Carlson.
+
+ Ensure we escape an AirPlay's device name before inserting its name into the DOM.
+
+ * Modules/modern-media-controls/media/placard-support.js:
+ (PlacardSupport.prototype._updateAirPlayPlacard):
+ (PlacardSupport):
+ (escapeHTML):
+
+2019-10-15 Kocsen Chung <kocsen_ch...@apple.com>
+
Cherry-pick r250694. rdar://problem/56061131
[iOS] WebContent process can be interrupted during suspension; loses "Now Playing" status
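Review bot: No regression test accompanies the fix: both added entries list only Modules/modern-media-controls/media/placard-support.js under the changed files, with no test file and no statement that one was considered. Since the bug is an unescaped device name reaching the DOM, a media-controls test that supplies an external device display name containing markup characters and asserts the placard shows it as literal text would keep the escaping from regressing. If the device name cannot be injected from a test, the entry should say so.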
Modified: branches/safari-608-branch/Source/WebCore/Modules/modern-media-controls/media/placard-support.js (251338 => 251339)
--- branches/safari-608-branch/Source/WebCore/Modules/modern-media-controls/media/placard-support.js 2019-10-20 17:32:51 UTC (rev 251338)
+++ branches/safari-608-branch/Source/WebCore/Modules/modern-media-controls/media/placard-support.js 2019-10-20 17:32:54 UTC (rev 251339)
@@ -80,7 +80,7 @@
switch(this.mediaController.host.externalDeviceType) {
case 'airplay':
- deviceName = UIString("This video is playing on ā%sā.", this.mediaController.host.externalDeviceDisplayName || UIString("Apple TV"));
+ deviceName = UIString("This video is playing on ā%sā.", escapeHTML(this.mediaController.host.externalDeviceDisplayName) || UIString("Apple TV"));
break;
case 'tvout':
deviceName = UIString("This video is playing on the TV.");
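Review bot: On the added 'airplay' line, the `|| UIString("Apple TV")` fallback now tests the return value of escapeHTML() rather than the display name itself, so it only fires if escapeHTML() returns an empty string for a null or undefined externalDeviceDisplayName. That coupling is implicit and easy to break if the helper is later changed. Applying the fallback before escaping, as in `escapeHTML(this.mediaController.host.externalDeviceDisplayName || UIString("Apple TV"))`, keeps the default obvious and also guarantees that everything substituted for %s has passed through the escaper. The code that inserts deviceName into the DOM is outside this hunk; if it assigns the string as markup, setting it through textContent there would remove the need for call-site escaping altogether.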
@@ -90,3 +90,10 @@
}
}
+
+function escapeHTML(unsafeString)
+{
+ var div = document.createElement("div");
+ div.textContent = unsafeString;
+ return div.innerHTML;
+}
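Review bot: escapeHTML() is added as a generically named file-level helper, but the textContent to innerHTML round trip only neutralises the characters that matter in element content (&, < and >); it leaves double and single quotes untouched, so the result is not safe inside an attribute value. That is fine for the placard text this change covers, but the name invites reuse in other contexts. Please add a comment above the function stating that the output is for element content only, or extend it to replace quotes as well. Minor: each call allocates a throwaway div, which is acceptable here but worth noting if the helper ends up on a hot path.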