Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Issue 225813002: Fix XSS issues in http_server's dir-listing and error-page. (Closed)

Created:
6 years, 8 months ago by Anders Johnsen
Modified:
6 years, 8 months ago
Reviewers:
nweiz, Søren Gjesse, ahe
CC:
reviews_dartlang.org, kevmoo
Visibility:
Public.

Description

Fix XSS issues in http_server's dir-listing and error-page. BUG= R=sgjesse@google.com Committed: https://code.google.com/p/dart/source/detail?r=34769

Patch Set 1 #

Total comments: 4

Patch Set 2 : Remove debug code. #

Total comments: 6

Patch Set 3 : Also encode size and modified. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+65 lines, -19 lines) Patch
M pkg/http_server/lib/src/virtual_directory.dart View 1 2 4 chunks +23 lines, -11 lines 0 comments Download
M pkg/http_server/test/virtual_directory_test.dart View 1 2 4 chunks +42 lines, -8 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
Anders Johnsen
6 years, 8 months ago (2014-04-04 11:48:34 UTC) #1
Søren Gjesse
lgtm https://codereview.chromium.org/225813002/diff/1/pkg/http_server/lib/src/virtual_directory.dart File pkg/http_server/lib/src/virtual_directory.dart (right): https://codereview.chromium.org/225813002/diff/1/pkg/http_server/lib/src/virtual_directory.dart#newcode288 pkg/http_server/lib/src/virtual_directory.dart:288: try { Indentation. https://codereview.chromium.org/225813002/diff/1/pkg/http_server/lib/src/virtual_directory.dart#newcode303 pkg/http_server/lib/src/virtual_directory.dart:303: print(e); Debug print? ...
6 years, 8 months ago (2014-04-04 12:54:26 UTC) #2
Anders Johnsen
Will wait for Nathan to comment. https://codereview.chromium.org/225813002/diff/1/pkg/http_server/lib/src/virtual_directory.dart File pkg/http_server/lib/src/virtual_directory.dart (right): https://codereview.chromium.org/225813002/diff/1/pkg/http_server/lib/src/virtual_directory.dart#newcode288 pkg/http_server/lib/src/virtual_directory.dart:288: try { On ...
6 years, 8 months ago (2014-04-04 12:58:13 UTC) #3
nweiz
https://codereview.chromium.org/225813002/diff/20001/pkg/http_server/lib/src/virtual_directory.dart File pkg/http_server/lib/src/virtual_directory.dart (right): https://codereview.chromium.org/225813002/diff/20001/pkg/http_server/lib/src/virtual_directory.dart#newcode297 pkg/http_server/lib/src/virtual_directory.dart:297: <td>$modified</td> Escape [modified] as well. Even though it doesn't ...
6 years, 8 months ago (2014-04-04 18:06:37 UTC) #4
Anders Johnsen
Thanks. Landing. https://codereview.chromium.org/225813002/diff/20001/pkg/http_server/lib/src/virtual_directory.dart File pkg/http_server/lib/src/virtual_directory.dart (right): https://codereview.chromium.org/225813002/diff/20001/pkg/http_server/lib/src/virtual_directory.dart#newcode297 pkg/http_server/lib/src/virtual_directory.dart:297: <td>$modified</td> On 2014/04/04 18:06:37, nweiz wrote: > ...
6 years, 8 months ago (2014-04-07 07:03:08 UTC) #5
Anders Johnsen
6 years, 8 months ago (2014-04-07 07:03:31 UTC) #6
Message was sent while issue was closed.
Committed patchset #3 manually as r34769 (presubmit successful).

Powered by Google App Engine
This is Rietveld 408576698