[v8-dev] Only escape U+0022 in argument values of HTML extensions to String.prototype (issue 10693101)

mathias Thu, 05 Jul 2012 04:59:01 -0700

Reviewers: Yang,

Description:
Only escape U+0022 in argument values of HTML extensions to String.prototype


BUG=v8:2217
TEST='_'.link('<\'>"') === "<a href=\"<'>&quot;\">_</a>" // true


Please review this at https://chromiumcodereview.appspot.com/10693101/

SVN Base: git://github.com/v8/v8.git@master

Affected files:
  M src/string.js


Index: src/string.js
diff --git a/src/string.js b/src/string.js

index6115930b6c8ff69568f425b8b996a821bc93cb87..eaeb198dce85366d5e3759ec4a649fe586f85991100644

--- a/src/string.js
+++ b/src/string.js
@@ -825,10 +825,7 @@ function StringFromCharCode(code) {

 // Helper function for very basic XSS protection.
 function HtmlEscape(str) {
-  return TO_STRING_INLINE(str).replace(/</g, "&lt;")
-                              .replace(/>/g, "&gt;")
-                              .replace(/"/g, "&quot;")
-                              .replace(/'/g, "&#039;");
+  return TO_STRING_INLINE(str).replace(/"/g, "&quot;");
 }




--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Only escape U+0022 in argument values of HTML extensions to String.prototype (issue 10693101)

Reply via email to