author | Michael BrĂ¼ning <michael.bruning@qt.io> | 2019-12-02 11:02:14 +0100 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2019-12-02 18:26:21 +0000 |
commit | 91c25e4f4c308e81d67f9bc454bceae897f595ea (patch) | |
tree | 951724c539790fbf337b2004e1d781ed0af43975 | |
parent | 556ab13cc6d1eaa737e5bf82b2541e105f8d72de (diff) | |
download | qtwebengine-chromium-91c25e4f4c308e81d67f9bc454bceae897f595ea.tar.gz |
[Backport] Fix for CVE-2019-5819
[DevTools] Escape exclamation points in copy as curl
Manual cherry-pick.
Bug: 919356
Change-Id: Ica39b0f779e7afa8595de9481f2778b7842966fe
--------------------------------------------------------------------
DevTools: fix encoding for Copy as cURL
Before, the 'Copy as cURL' option would escape all characters outside
of a limited range [\x20-\x7e] with ANSI-C `\u` or `\x`. This caused
problems because `\x` does not properly encode Unicode chars outside
of the range (e.g. latin, CJK, emoji).
Instead, this CL treats control codes (C0, C1 sets) as the only
characters that need `\u` escaping, while everything else (except
single quote, backslash, newline) is not escaped.
Bug: 578054
Change-Id: I7587ea07250ff28bcde12cd62bc0e8a61757028d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkLogView.js | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkLogView.js b/chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkLogView.js
index 64c699010a1..f28c7e75b7c 100644
--- a/chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkLogView.js
+++ b/chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkLogView.js
@@ -1586,23 +1586,19 @@ Network.NetworkLogView = class extends UI.VBox {
 function escapeStringPosix(str) {
 function escapeCharacter(x) {
- var code = x.charCodeAt(0);
- if (code < 256) {
- // Add leading zero when needed to not care about the next character.
- return code < 16 ? '\\x0' + code.toString(16) : '\\x' + code.toString(16);
- }
- code = code.toString(16);
- return '\\u' + ('0000' + code).substr(code.length, 4);
+ const code = x.charCodeAt(0);
+ // Add leading zero when needed to not care about the next character.
+ return code < 16 ? '\\u0' + code.toString(16) : '\\u' + code.toString(16);
 }
- if (/[^\x20-\x7E]|\'/.test(str)) {
+ if (/[\u0000-\u001f\u007f-\u009f!]|\'/.test(str)) {
 // Use ANSI-C quoting syntax.
 return '$\'' + str.replace(/\\/g, '\\\\')
 .replace(/\'/g, '\\\'')
 .replace(/\n/g, '\\n')
 .replace(/\r/g, '\\r')
- .replace(/[^\x20-\x7E]/g, escapeCharacter) +
+ .replace(/[\u0000-\u001f\u007f-\u009f!]/g, escapeCharacter) +
 '\'';
 } else {
 // Use single quote syntax. |