Bug 745750 - HTML entities in a download title will break the Download Manager r=wesj
authorMark Finkle <mfinkle@mozilla.com>
Mon, 16 Apr 2012 17:21:18 -0400
changeset 95095 5d5e4abb88a360bc7bbff83f0ebe5518ca8c28f6
parent 95094 a1f8356394fc1cbf745c3b6083c7f537c47e801c
child 95096 26439e0c36792be23e913711ff4eb10b09f2f303
push id886
push userlsblakk@mozilla.com
push dateMon, 04 Jun 2012 19:57:52 +0000
reviewerswesj
bugs745750
milestone14.0a1
Bug 745750 - HTML entities in a download title will break the Download Manager r=wesj
mobile/android/chrome/content/aboutDownloads.js
--- a/mobile/android/chrome/content/aboutDownloads.js
+++ b/mobile/android/chrome/content/aboutDownloads.js
@@ -84,17 +84,17 @@ let Downloads = {
       case "dl-done":
         if (!this._getElementForDownload(download.id)) {
           let item = this._createItem(downloadTemplate, {
             id: download.id,
             target: download.displayName,
             icon: "moz-icon://" + download.displayName + "?size=64",
             date: DownloadUtils.getReadableDates(new Date())[0],
             domain: DownloadUtils.getURIHost(download.source.spec)[0],
-            size: DownloadUtils.convertByteUnits(download.size).join(""),
+            size: DownloadUtils.convertByteUnits(download.size).join("")
           });
           this._list.insertAdjacentHTML("afterbegin", item);
           break;
         }
     }
   },
 
   _initStatement: function dv__initStatement() {
@@ -104,21 +104,33 @@ let Downloads = {
     this._stmt = this._dlmgr.DBConnection.createStatement(
       "SELECT id, name, source, state, startTime, endTime, referrer, " +
              "currBytes, maxBytes, state IN (?1, ?2, ?3, ?4, ?5) isActive " +
       "FROM moz_downloads " +
       "WHERE NOT isActive " +
       "ORDER BY endTime DESC");
   },
 
-  _createItem: function (aTemplate, aValues) {
+  _createItem: function _createItem(aTemplate, aValues) {
+    function htmlEscape(s) {
+      s = s.replace(/&/g, "&amp;");
+      s = s.replace(/>/g, "&gt;");
+      s = s.replace(/</g, "&lt;");
+      s = s.replace(/"/g, "&quot;");
+      s = s.replace(/'/g, "&apos;");
+      return s;
+    }
+
     let t = aTemplate;
-    for (let i in aValues) {
-      let regEx = new RegExp("{" + i + "}", "g");
-      t = t.replace(regEx, aValues[i]);
+    for (let key in aValues) {
+      if (aValues.hasOwnProperty(key)) {
+        let regEx = new RegExp("{" + key + "}", "g");
+        let value = htmlEscape(aValues[key].toString());
+        t = t.replace(regEx, value);
+      }
     }
     return t;
   },
 
   _stepDownloads: function dv__stepDownloads(aNumItems) {
     try {
       if (!this._stmt.executeStep()) {
         this._stmt.finalize();
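Review bot: In `_createItem` the escaped value is still handed to `t.replace(regEx, value)` as a replacement string, so `$` patterns in a download name (such as `$&`) are expanded by `String.prototype.replace` after `htmlEscape` has run, and the result is what the callers pass to `insertAdjacentHTML`. A function replacer keeps the value literal: `t = t.replace(regEx, function () { return value; });`. Separately, `aValues[key].toString()` throws if a value is ever null or undefined, which in `_stepDownloads` would fall into the catch that resets the statement and stops listing; `String(aValues[key])` avoids that. Because the substitutions run one key at a time over `t`, a value that contains the text of a later placeholder such as `{size}` is rewritten on a later iteration, so a single pass over the template would be more predictable. `_stepDownloads` starts in this hunk and continues outside it.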
@@ -126,19 +138,19 @@ let Downloads = {
         return;
       }
   
       // Try to get the attribute values from the statement
       let attrs = {
         id: this._stmt.row.id,
         target: this._stmt.row.name,
         icon: "moz-icon://" + this._stmt.row.name + "?size=64",
-        date: DownloadUtils.getReadableDates(new Date(this._stmt.row.endTime/1000))[0],
+        date: DownloadUtils.getReadableDates(new Date(this._stmt.row.endTime / 1000))[0],
         domain: DownloadUtils.getURIHost(this._stmt.row.source)[0],
-        size: DownloadUtils.convertByteUnits(this._stmt.row.maxBytes).join(""),
+        size: DownloadUtils.convertByteUnits(this._stmt.row.maxBytes).join("")
       };
 
       let item = this._createItem(downloadTemplate, attrs);
       this._list.insertAdjacentHTML("beforeend", item);
     } catch (e) {
       // Something went wrong when stepping or getting values, so clear and quit
       console.log("Error: " + e);
       this._stmt.reset();