Revision: 10458
Author: unn...@google.com
Date: Thu Jul 14 13:38:35 2011
Log: sanitize the bad codeserver name before outputting the error
message for security
Review at http://gwt-code-reviews.appspot.com/1483804
Review by: cromwell...@google.com
http://code.google.com/p/google-web-toolkit/source/detail?r=10458
Modified:
/trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
/trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html
=======================================
--- /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js Wed
May 18 13:47:13 2011
+++ /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js Thu
Jul 14 13:38:35 2011
@@ -314,11 +314,19 @@
if ($errFn) {
$errFn($moduleName);
} else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development
Mode server at " + codeServer,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development
Mode server at " +
+ simpleEscape(codeServer),
"Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM");
}
}
+
+function simpleEscape(originalString) {
+ return originalString.replace("&","&")
+ .replace("<","<")
+ .replace(">",">")
+ .replace("\"",""");
+}
function tryConnectingToPlugin(sessionId, url) {
// Note that the order is important
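Review bot: simpleEscape, added at the end of this hunk, passes string patterns to `replace`, and in JavaScript a string pattern replaces only the first occurrence, so a codeServer value containing a second `&`, `<`, `>` or `"` still reaches __gwt_displayGlassMessage unescaped. Global regexes close that gap: `return originalString.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");`. The same helper is copied into hosted.html in the next hunk and needs the same change. The replacement strings shown on this page look entity-decoded by the archive, so this assumes the committed code uses the `&amp;`-style entities. The block that calls simpleEscape begins outside the hunk.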
=======================================
--- /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html Wed
May 18 13:47:13 2011
+++ /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/hosted.html Thu
Jul 14 13:38:35 2011
@@ -295,13 +295,21 @@
if (errFn) {
errFn(modName);
} else {
- __gwt_displayGlassMessage("Plugin failed to connect to Development
Mode server at " + $hosted,
+ __gwt_displayGlassMessage("Plugin failed to connect to Development
Mode server at " +
+ simpleEscape($hosted),
"Follow the underlying troubleshooting instructions");
loadIframe("http://code.google.com/p/google-web-toolkit/wiki/TroubleshootingOOPHM");
}
}
}
}
+
+function simpleEscape(originalString) {
+ return originalString.replace("&","&")
+ .replace("<","<")
+ .replace(">",">")
+ .replace("\"",""");
+}
window.onunload = function() {
};
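Review bot: simpleEscape here duplicates the devmode.js copy verbatim and carries no comment stating which output context it is meant for, so the two copies can drift and a later caller may reuse it where it is not sufficient. It covers `&`, `<`, `>` and `"` only, which would not be enough for a single-quoted attribute, a script block or a URL. Whether __gwt_displayGlassMessage writes its argument as HTML is not visible in this hunk. I would add a comment above the function such as `// Escapes &, <, > and " for HTML text and double-quoted attributes only; keep in sync with the copy in devmode.js.` The blocks closed by the braces above the helper start outside the hunk.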