8000 chore: cherry-pick b03797bdb1df from chromium by ppontes · Pull Request #34631 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore: cherry-pick b03797bdb1df from chromium #34631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 20, 2022
Merged

chore: cherry-pick b03797bdb1df from chromium #34631

merged 2 commits into from
Jun 20, 2022

Conversation

ppontes
Copy link
Member
@ppontes ppontes commented Jun 19, 2022
edited
Loading

[M102] Markup sanitization should iterate until markup is stable

There are cases where parsing a markup and then serializing it does not
round trip, which can be used to inject XSS. Current sanitization code
only does one round of parsing and serializing, which does not remove
XSS injections that hide deeper.

Hence this patch makes sanitization algorithm iterate until the markup
is stable, or declares failure if it doesn't stabilize after many tries.

(cherry picked from commit 19280353fb92d0ff7d048d7cec28d6a23befbce0)

Fixed: 1315563
Change-Id: I4a3ebe1fda6df0e04a24d863b2b48df2110af209
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3611826
Commit-Queue: Xiaocheng Hu xiaochengh@chromium.org
Reviewed-by: Yoshifumi Inoue yosin@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#997032}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3621618
Auto-Submit: Xiaocheng Hu xiaochengh@chromium.org
Reviewed-by: Joey Arhar jarhar@chromium.org
Commit-Queue: Joey Arhar jarhar@chromium.org
Cr-Commit-Position: refs/branch-heads/5005@{#363}
Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}

Notes: Security: Backported fix for CVE-2022-1867.

@ppontes ppontes requested review from a team as code owners June 19, 2022 21:33
@ppontes ppontes added 18-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes labels Jun 19, 2022
@electron-cation electron-cation bot added new-pr 🌱 PR opened recently and removed new-pr 🌱 PR opened recently labels Jun 19, 2022
@zcbenz zcbenz merged commit 977dc25 into 18-x-y Jun 20, 2022
@zcbenz zcbenz deleted the cherry-pick/18-x-y/chromium/b03797bdb1df branch June 20, 2022 00:33
@release-clerk
Copy link
release-clerk bot commented Jun 20, 2022

Release Notes Persisted

Security: Backported fix for CVE-2022-1867.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zcbenz zcbenz zcbenz approved these changes

Assignees
No one assigned
Labels
18-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ppontes @zcbenz
0