Bug 950105 - Escape reserved characters when converting a WBXML document to XML. r=vicamo, r=chucklee, a=koi+
authorGabriele Svelto <gsvelto@mozilla.com>
Wed, 18 Dec 2013 17:19:42 +0100
changeset 175439 f9a3bb870d9c68790109256c1566157de57dd427
parent 175438 8f7687732fd14463a711d64e8453a7379279cc04
child 175440 aa2f87cedc09bbb81d00863757b7944225ea0a18
push id445
push userffxbld
push dateMon, 10 Mar 2014 22:05:19 +0000
treeherdermozilla-release@dc38b741b04e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvicamo, chucklee, koi
bugs950105
milestone28.0a2
Bug 950105 - Escape reserved characters when converting a WBXML document to XML. r=vicamo, r=chucklee, a=koi+
dom/wappush/src/gonk/WbxmlPduHelper.jsm
dom/wappush/tests/test_si_pdu_helper.js
--- a/dom/wappush/src/gonk/WbxmlPduHelper.jsm
+++ b/dom/wappush/src/gonk/WbxmlPduHelper.jsm
@@ -89,16 +89,45 @@ this.WbxmlCodePageSwitch = {
 this.WbxmlEnd = {
   decode: function decode_wbxml_end(data, decodeInfo) {
     let tagInfo = decodeInfo.tagStack.pop();
     return "</" + tagInfo.name + ">";
   },
 };
 
 /**
+ * Escape XML reserved characters &, <, >, " and ' which may appear in the
+ * WBXML-encoded strings in their original form.
+ *
+ * @param str
+ *        A string with potentially unescaped characters
+ *
+ * @return A string with the &, <, >, " and ' characters turned into XML
+ *         character entitites
+ *
+ * @see WAP-192-WBXML-20010725-A, clause 6.1
+ */
+this.escapeReservedCharacters = function escape_reserved_characters(str) {
+  let dst = "";
+
+  for (var i = 0; i < str.length; i++) {
+    switch (str[i]) {
+      case '&' : dst += "&amp;" ; break;
+      case '<' : dst += "&lt;"  ; break;
+      case '>' : dst += "&gt;"  ; break;
+      case '"' : dst += "&quot;"; break;
+      case '\'': dst += "&apos;"; break;
+      default  : dst += str[i];
+    }
+  }
+
+  return dst;
+}
+
+/**
  * Handle string table in WBXML message.
  *
  * @see WAP-192-WBXML-20010725-A, clause 5.7
  */
 this.readStringTable = function decode_wbxml_read_string_table(start, stringTable, charset) {
   let end = start;
 
   // Find end of string
@@ -113,17 +142,19 @@ this.readStringTable = function decode_w
   // Read string table
   return WSP.PduHelper.decodeStringContent(stringTable.subarray(start, end),
                                            charset);
 };
 
 this.WbxmlStringTable = {
   decode: function decode_wbxml_string_table(data, decodeInfo) {
     let start = WSP.Octet.decode(data);
-    return readStringTable(start, decodeInfo.stringTable, decodeInfo.charset);
+    let str = readStringTable(start, decodeInfo.stringTable, decodeInfo.charset);
+
+    return escapeReservedCharacters(str);
   }
 };
 
 /**
  * Parse inline string in WBXML encoded message.
  *
  * @param data
  *        A wrapped object containing raw PDU data.
@@ -137,17 +168,19 @@ this.WbxmlInlineString = {
   decode: function decode_wbxml_inline_string(data, decodeInfo) {
     let charCode = WSP.Octet.decode(data);
     let stringData = [];
     while (charCode) {
       stringData.push(charCode);
       charCode = WSP.Octet.decode(data);
     }
 
-    return WSP.PduHelper.decodeStringContent(stringData, decodeInfo.charset);
+    let str = WSP.PduHelper.decodeStringContent(stringData, decodeInfo.charset);
+
+    return escapeReservedCharacters(str);
   },
 };
 
 /**
  * Parse inline Opaque data in WBXML encoded message.
  *
  * @param data
  *        A wrapped object containing raw PDU data.
--- a/dom/wappush/tests/test_si_pdu_helper.js
+++ b/dom/wappush/tests/test_si_pdu_helper.js
@@ -106,16 +106,43 @@ add_test(function test_si_parse_wbxml_wi
                "Check this website</indication></si>";
   let msg = SI.PduHelper.parse(data, contentType);
   do_check_eq(msg.content, result);
 
   run_next_test();
 });
 
 /**
+ * SI compressed by WBXML with href attribute containing reserved XML character
+ */
+add_test(function test_si_parse_wbxml_with_href_reserved_char() {
+  let msg = {};
+  let contentType = "";
+  let data = {};
+
+  contentType = "application/vnd.wap.sic";
+  data.array = new Uint8Array([
+                  0x02, 0x05, 0x6A, 0x00, 0x45, 0xC6, 0x0D, 0x03,
+                  0x6F, 0x72, 0x65, 0x69, 0x6C, 0x6C, 0x79, 0x00,
+                  0x85, 0x03, 0x66, 0x6F, 0x6F, 0x26, 0x62, 0x61,
+                  0x72, 0x00, 0x01, 0x03, 0x43, 0x68, 0x65, 0x63,
+                  0x6B, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x77,
+                  0x65, 0x62, 0x73, 0x69, 0x74, 0x65, 0x00, 0x01,
+                  0x01
+                ]);
+  data.offset = 0;
+  let result = "<si><indication href=\"http://www.oreilly.com/foo&amp;bar\">" +
+               "Check this website</indication></si>";
+  let msg = SI.PduHelper.parse(data, contentType);
+  do_check_eq(msg.content, result);
+
+  run_next_test();
+});
+
+/**
  * SI compressed by WBXML with href and date attribute
  */
 add_test(function test_si_parse_wbxml_with_href_date() {
   let msg = {};
   let contentType = "";
   let data = {};
 
   contentType = "application/vnd.wap.sic";
@@ -165,9 +192,9 @@ add_test(function test_si_parse_wbxml_wi
   data.offset = 0;
   let result = "<si><indication href=\"http://www.xyz.com/email/123/abc.wml\"" +
                " created=\"1999-06-25T15:23:15Z\" si-expires=\"1999-06-30T00:00:00Z\">" +
                "You have 4 new emails</indication></si>";
   let msg = SI.PduHelper.parse(data, contentType);
   do_check_eq(msg.content, result);
 
   run_next_test();
-});
\ No newline at end of file
+});