[Pkg-mozext-commits] [adblock-plus-element-hiding-helper] 220/483: Better escaping of dangerous charaters in CSS code

David Prévot taffit at moszumanska.debian.org
Thu Jan 22 21:41:43 UTC 2015 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository adblock-plus-element-hiding-helper.

commit f00afbe3b9617ea6b50677d50b8ee65f9450bdad
Author: Wladimir Palant <trev at adblockplus.org>
Date:   Wed Sep 22 13:19:36 2010 +0200

    Better escaping of dangerous charaters in CSS code
---
 chrome/content/composer.js | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/chrome/content/composer.js b/chrome/content/composer.js
index c5cc484..8cdd32d 100644
--- a/chrome/content/composer.js
+++ b/chrome/content/composer.js
@@ -203,8 +203,7 @@ function updateExpression() {
 
       if (attr.checked) {
         var escapedName = attr.name.replace(/([^\w\-])/g, "\\$1")
-                                   .replace(/\\\{/g, "\\7B ")
-                                   .replace(/\\\}/g, "\\7D ");
+                                   .replace(/\\([\{\}])/g, escapeChar);
         if (attr.selected != "") {
           var op = "*=";
           if (attr.selected == attr.value)
@@ -233,8 +232,8 @@ function updateExpression() {
 
           if (useFallback) {
             var escapedValue = attr.selected.replace(/"/g, '\\"')
-                                            .replace(/\{/, "\\7B ")
-                                            .replace(/\}/, "\\7D ");
+                                            .replace(/([\{\}])/g, escapeChar)
+                                            .replace(/([^\S ])/g, escapeChar);
             expression += "[" + escapedName + op + '"' + escapedValue + '"' + "]";
           }
         }
@@ -247,8 +246,8 @@ function updateExpression() {
     if (curNode.customCSS.checked && curNode.customCSS.selected != "")
     {
       expression += curNode.customCSS.selected
-                                        .replace(/\{/, "\\7B ")
-                                        .replace(/\}/, "\\7D ");
+                                      .replace(/([\{\}])/g, escapeChar)
+                                      .replace(/([^\S ])/g, escapeChar);
     }
 
     if ("firstChild" in curNode && curNode.firstChild.checked)
@@ -333,6 +332,14 @@ function updateExpression() {
     previewStyle.setAttribute("href", stylesheetURL);
 }
 
+function escapeChar(dummy, match)
+{
+  let code = match.charCodeAt(0).toString(16);
+  while (code.length < 6)
+    code = "0" + code;
+  return "\\" + code;
+}
+
 function fillDomains(domainData) {
   var list = document.getElementById("domainGroup");
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/adblock-plus-element-hiding-helper.git

More information about the Pkg-mozext-commits mailing list