rowan/multi-account-containers
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix escaping of container names in popups. Bug 1346653

Browse source
This commit is contained in:
Jonathan Kingston 2017-03-13 01:22:47 +00:00
parent 9d5223cd71
commit 52cf6df7ff
4 changed files with 51 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.eslintrc.js
View file

@ -15,7 +15,8 @@ module.exports = {
"Services": true "Services": true
}, },
"plugins": [ "plugins": [
"promise" "promise",
"unsafe-property-assignment"
], ],
"root": true, "root": true,
"rules": { "rules": {
@ -28,6 +29,8 @@ module.exports = {
"promise/no-promise-in-callback": "warn", "promise/no-promise-in-callback": "warn",
"promise/no-return-wrap": "error", "promise/no-return-wrap": "error",
"promise/param-names": "error", "promise/param-names": "error",
"unsafe-property-assignment/no-key-assignment": ["error"],
"unsafe-property-assignment/enforce-tagged-template-protection": ["error"],
"eqeqeq": "error", "eqeqeq": "error",
"indent": ["error", 2], "indent": ["error", 2],

5
package.json
View file

@ -2,7 +2,7 @@
"name": "testpilot-containers", "name": "testpilot-containers",
"title": "Containers Experiment", "title": "Containers Experiment",
"description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored Container Tabs. This add-on is a modified version of the containers feature for Firefox Test Pilot.", "description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored Container Tabs. This add-on is a modified version of the containers feature for Firefox Test Pilot.",
"version": "1.1.0", "version": "1.1.1",
"author": "Andrea Marchesini, Luke Crouch and Jonathan Kingston", "author": "Andrea Marchesini, Luke Crouch and Jonathan Kingston",
"bugs": { "bugs": {
"url": "https://github.com/mozilla/testpilot-containers/issues" "url": "https://github.com/mozilla/testpilot-containers/issues"
@ -11,8 +11,9 @@
"devDependencies": { "devDependencies": {
"addons-linter": "^0.15.14", "addons-linter": "^0.15.14",
"deploy-txp": "^1.0.7", "deploy-txp": "^1.0.7",
"eslint": "^3.12.2", "eslint": "^3.17.1",
"eslint-plugin-promise": "^3.4.0", "eslint-plugin-promise": "^3.4.0",
"eslint-plugin-unsafe-property-assign": "^1.0.2",
"htmllint-cli": "^0.0.5", "htmllint-cli": "^0.0.5",
"jpm": "^1.2.2", "jpm": "^1.2.2",
"npm-run-all": "^4.0.0", "npm-run-all": "^4.0.0",

48
webextension/js/popup.js
View file

@ -18,6 +18,42 @@ const P_CONTAINER_INFO = "containerInfo";
const P_CONTAINER_EDIT = "containerEdit"; const P_CONTAINER_EDIT = "containerEdit";
const P_CONTAINER_DELETE = "containerDelete"; const P_CONTAINER_DELETE = "containerDelete";
/**
* Escapes any occurances of &, ", < or > with XML entities.
*
* @param {string} str
* The string to escape.
* @return {string} The escaped string.
*/
function escapeXML(str) {
const replacements = {"&": "&amp;", "\"": "&quot;", "'": "&apos;", "<": "&lt;", ">": "&gt;"};
return String(str).replace(/[&"''<>]/g, m => replacements[m]);
}
/**
* A tagged template function which escapes any XML metacharacters in
* interpolated values.
*
* @param {Array<string>} strings
* An array of literal strings extracted from the templates.
* @param {Array} values
* An array of interpolated values extracted from the template.
* @returns {string}
* The result of the escaped values interpolated with the literal
* strings.
*/
function escaped(strings, ...values) {
const result = [];
for (const [i, string] of strings.entries()) {
result.push(string);
if (i < values.length)
result.push(escapeXML(values[i]));
}
return result.join("");
}
// This object controls all the panels, identities and many other things. // This object controls all the panels, identities and many other things.
const Logic = { const Logic = {
_identities: [], _identities: [],
@ -235,7 +271,7 @@ Logic.registerPanel(P_CONTAINERS_LIST, {
tr.classList.add("container-panel-row"); tr.classList.add("container-panel-row");
context.classList.add("userContext-wrapper", "open-newtab", "clickable"); context.classList.add("userContext-wrapper", "open-newtab", "clickable");
manage.classList.add("show-tabs", "pop-button"); manage.classList.add("show-tabs", "pop-button");
context.innerHTML = ` context.innerHTML = escaped`
<div class="userContext-icon-wrapper open-newtab"> <div class="userContext-icon-wrapper open-newtab">
<div class="userContext-icon" <div class="userContext-icon"
data-identity-icon="${identity.image}" data-identity-icon="${identity.image}"
@ -378,7 +414,7 @@ Logic.registerPanel(P_CONTAINER_INFO, {
const tr = document.createElement("tr"); const tr = document.createElement("tr");
fragment.appendChild(tr); fragment.appendChild(tr);
tr.classList.add("container-info-tab-row"); tr.classList.add("container-info-tab-row");
tr.innerHTML = ` tr.innerHTML = escaped`
<td><img class="icon" src="${tab.favicon}" /></td> <td><img class="icon" src="${tab.favicon}" /></td>
<td class="container-info-tab-title">${tab.title}</td>`; <td class="container-info-tab-title">${tab.title}</td>`;
@ -422,7 +458,7 @@ Logic.registerPanel(P_CONTAINERS_EDIT, {
const tr = document.createElement("tr"); const tr = document.createElement("tr");
fragment.appendChild(tr); fragment.appendChild(tr);
tr.classList.add("container-panel-row"); tr.classList.add("container-panel-row");
tr.innerHTML = ` tr.innerHTML = escaped`
<td class="userContext-wrapper"> <td class="userContext-wrapper">
<div class="userContext-icon-wrapper"> <div class="userContext-icon-wrapper">
<div class="userContext-icon" <div class="userContext-icon"
@ -509,25 +545,27 @@ Logic.registerPanel(P_CONTAINER_EDIT, {
initializeRadioButtons() { initializeRadioButtons() {
const colorRadioTemplate = (containerColor) => { const colorRadioTemplate = (containerColor) => {
return `<input type="radio" value="${containerColor}" name="container-color" id="edit-container-panel-choose-color-${containerColor}" /> return escaped`<input type="radio" value="${containerColor}" name="container-color" id="edit-container-panel-choose-color-${containerColor}" />
<label for="edit-container-panel-choose-color-${containerColor}" class="usercontext-icon choose-color-icon" data-identity-icon="circle" data-identity-color="${containerColor}">`; <label for="edit-container-panel-choose-color-${containerColor}" class="usercontext-icon choose-color-icon" data-identity-icon="circle" data-identity-color="${containerColor}">`;
}; };
const colors = ["blue", "turquoise", "green", "yellow", "orange", "red", "pink", "purple" ]; const colors = ["blue", "turquoise", "green", "yellow", "orange", "red", "pink", "purple" ];
const colorRadioFieldset = document.getElementById("edit-container-panel-choose-color"); const colorRadioFieldset = document.getElementById("edit-container-panel-choose-color");
colors.forEach((containerColor) => { colors.forEach((containerColor) => {
const templateInstance = document.createElement("span"); const templateInstance = document.createElement("span");
// eslint-disable-next-line unsafe-property-assignment/enforce-tagged-template-protection
templateInstance.innerHTML = colorRadioTemplate(containerColor); templateInstance.innerHTML = colorRadioTemplate(containerColor);
colorRadioFieldset.appendChild(templateInstance); colorRadioFieldset.appendChild(templateInstance);
}); });
const iconRadioTemplate = (containerIcon) => { const iconRadioTemplate = (containerIcon) => {
return `<input type="radio" value="${containerIcon}" name="container-icon" id="edit-container-panel-choose-icon-${containerIcon}" /> return escaped`<input type="radio" value="${containerIcon}" name="container-icon" id="edit-container-panel-choose-icon-${containerIcon}" />
<label for="edit-container-panel-choose-icon-${containerIcon}" class="usercontext-icon choose-color-icon" data-identity-color="grey" data-identity-icon="${containerIcon}">`; <label for="edit-container-panel-choose-icon-${containerIcon}" class="usercontext-icon choose-color-icon" data-identity-color="grey" data-identity-icon="${containerIcon}">`;
}; };
const icons = ["fingerprint", "briefcase", "dollar", "cart", "vacation", "gift", "food", "fruit", "pet", "tree", "chill", "circle"]; const icons = ["fingerprint", "briefcase", "dollar", "cart", "vacation", "gift", "food", "fruit", "pet", "tree", "chill", "circle"];
const iconRadioFieldset = document.getElementById("edit-container-panel-choose-icon"); const iconRadioFieldset = document.getElementById("edit-container-panel-choose-icon");
icons.forEach((containerIcon) => { icons.forEach((containerIcon) => {
const templateInstance = document.createElement("span"); const templateInstance = document.createElement("span");
// eslint-disable-next-line unsafe-property-assignment/enforce-tagged-template-protection
templateInstance.innerHTML = iconRadioTemplate(containerIcon); templateInstance.innerHTML = iconRadioTemplate(containerIcon);
iconRadioFieldset.appendChild(templateInstance); iconRadioFieldset.appendChild(templateInstance);
}); });

2
webextension/manifest.json
View file

@ -1,7 +1,7 @@
{ {
"manifest_version": 2, "manifest_version": 2,
"name": "Containers Experiment", "name": "Containers Experiment",
"version": "1.1.0", "version": "1.1.1",
"description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored Container Tabs. This add-on is a modified version of the containers feature for Firefox Test Pilot.", "description": "Containers works by isolating cookie jars using separate origin-attributes defined visually by colored Container Tabs. This add-on is a modified version of the containers feature for Firefox Test Pilot.",
"icons": { "icons": {