Fix XSS issue on qute://history

Fixes #4011
Florian Bruhin 2018-06-21 21:20:19 +02:00
parent 62d8b5b574
commit 5a7869f2fe
3 changed files with 19 additions and 2 deletions


@ -24,6 +24,7 @@ Module attributes:
_HANDLERS: The handlers registered via decorators. _HANDLERS: The handlers registered via decorators.
""" """
import html
import json import json
import os import os
import time import time
@ -241,8 +242,9 @@ def history_data(start_time, offset=None):
end_time = start_time - 24*60*60 end_time = start_time - 24*60*60
entries = hist.entries_between(end_time, start_time) entries = hist.entries_between(end_time, start_time)
return [{"url": e.url, "title": e.title or e.url, "time": e.atime} return [{"url": html.escape(e.url),
for e in entries] "title": html.escape(e.title) or html.escape(e.url),
"time": e.atime} for e in entries]
@add_handler('history') @add_handler('history')
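Review bot: in the new return expression, `html.escape(e.title) or html.escape(e.url)` calls `html.escape` on `e.title` before the `or` fallback is reached, so if `e.title` can be None this raises instead of falling back to the URL the way the removed `e.title or e.url` did. Suggest `"title": html.escape(e.title or e.url)`, which escapes once and keeps the old fallback. A short comment on why these fields are escaped at this point (the XSS from #4011) would also help, since the code that consumes this data is not visible in the diff.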


@ -0,0 +1,10 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>&lt;img src=&quot;x&quot; onerror=&quot;console.log('XSS')&quot;&gt;foo</title>
</head>
<body>
foo
</body>
</html>
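Review bot: the fixture carries markup only in `<title>`, so the test exercises the `html.escape(e.title)` path but not `html.escape(e.url)`, which this commit also adds. A second case covering the URL field would test the other half of the change. An HTML comment in the file noting that the entity-encoded title is deliberate and tied to issue 4011 would keep it from being tidied away later.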


@ -112,3 +112,8 @@ Feature: Page history
And I wait until qute://history is loaded And I wait until qute://history is loaded
Then the page should contain the plaintext "3.txt" Then the page should contain the plaintext "3.txt"
Then the page should contain the plaintext "4.txt" Then the page should contain the plaintext "4.txt"
Scenario: XSS in :history
When I open data/issue4011.html
And I open qute://history
Then the javascript message "XSS" should not be logged
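Review bot: the new scenario goes from `And I open qute://history` straight to the negative assertion, without the `And I wait until qute://history is loaded` step that the scenario above it uses, so the check can pass before the history entries have been rendered. Add the wait, and pair the "should not be logged" step with a positive one (for example a `the page should contain the plaintext` check on the entry's title) so the test fails if the entry never shows up at all.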