From 42b4075a690d594876a71f0a835e83ee50c10500 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Wed, 13 Feb 2019 11:10:46 +0100
Subject: [Backport] Fix for CVE-2019-5783
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[DevTools] Fix request preview for URI encoded html

Bug: 895081
Change-Id: I49c6131e1cc432e470e4b04353282d3ebebcb063
Reviewed-on: https://chromium-review.googlesource.com/c/1286758
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Joey Arhar <jarhar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#601792}
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
---
 .../blink/renderer/devtools/front_end/network/RequestHTMLView.js        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'chromium')

diff --git a/chromium/third_party/blink/renderer/devtools/front_end/network/RequestHTMLView.js b/chromium/third_party/blink/renderer/devtools/front_end/network/RequestHTMLView.js
index 6108fd709d4..e2b85ba9af8 100644
--- a/chromium/third_party/blink/renderer/devtools/front_end/network/RequestHTMLView.js
+++ b/chromium/third_party/blink/renderer/devtools/front_end/network/RequestHTMLView.js
@@ -63,7 +63,7 @@ Network.RequestHTMLView = class extends UI.VBox {
     const iframe = createElement('iframe');
     iframe.className = 'html-preview-frame';
     iframe.setAttribute('sandbox', '');  // Forbid to run JavaScript and set unique origin.
-    iframe.setAttribute('src', this._dataURL);
+    iframe.setAttribute('src', encodeURI(this._dataURL));
     iframe.setAttribute('tabIndex', -1);
     this.contentElement.appendChild(iframe);
   }
-- 
cgit v1.2.1