#405: sanitize date strings before exposing them to NSDateFormatter
parent
2fc532b6e6
commit
d933cc2921
|
@ -608,6 +608,34 @@ HTMLInputElement::InitTimePicker(bool aNoMatterWhat)
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool
|
||||||
|
IsDateInRightFormat(const nsAutoString& aDate)
|
||||||
|
{
|
||||||
|
// Avoid exposing web-defined date strings to OS X, since I have
|
||||||
|
// no idea what crap lurks in there. Instead, ensure the string
|
||||||
|
// is in nnnn-nn-nn format, and assume that OS X can handle days
|
||||||
|
// and months that are out of range and reject those as long as
|
||||||
|
// the basic format is acceptable.
|
||||||
|
if (aDate.Length() != 10)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
const char16_t *cur = aDate.BeginReading();
|
||||||
|
const char16_t *end = aDate.EndReading();
|
||||||
|
size_t nchar = 0;
|
||||||
|
for (; cur < end; ++cur) {
|
||||||
|
nchar++;
|
||||||
|
if (nchar == 5 || nchar == 8) {
|
||||||
|
if (char16_t('-') == *cur)
|
||||||
|
continue;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (char16_t('0') > *cur || char16_t('9') < *cur)
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
HTMLInputElement::InitDatePicker(bool aNoMatterWhat)
|
HTMLInputElement::InitDatePicker(bool aNoMatterWhat)
|
||||||
{
|
{
|
||||||
|
@ -637,20 +665,27 @@ HTMLInputElement::InitDatePicker(bool aNoMatterWhat)
|
||||||
GetValueInternal(initialValue);
|
GetValueInternal(initialValue);
|
||||||
nsresult rv = datePicker->Init(win, EmptyString()); // title NYI
|
nsresult rv = datePicker->Init(win, EmptyString()); // title NYI
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
rv = datePicker->SetDefaultDate(initialValue);
|
if (IsDateInRightFormat(initialValue)) {
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
// Sanitized, therefore safe to give to the Cocoa date formatter.
|
||||||
|
rv = datePicker->SetDefaultDate(initialValue);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
}
|
||||||
|
|
||||||
if (HasAttr(kNameSpaceID_None, nsGkAtoms::min)) {
|
if (HasAttr(kNameSpaceID_None, nsGkAtoms::min)) {
|
||||||
nsAutoString minStr;
|
nsAutoString minStr;
|
||||||
GetAttr(kNameSpaceID_None, nsGkAtoms::min, minStr);
|
GetAttr(kNameSpaceID_None, nsGkAtoms::min, minStr);
|
||||||
rv = datePicker->SetMinDate(minStr);
|
if (IsDateInRightFormat(minStr)) {
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
rv = datePicker->SetMinDate(minStr);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (HasAttr(kNameSpaceID_None, nsGkAtoms::max)) {
|
if (HasAttr(kNameSpaceID_None, nsGkAtoms::max)) {
|
||||||
nsAutoString maxStr;
|
nsAutoString maxStr;
|
||||||
GetAttr(kNameSpaceID_None, nsGkAtoms::max, maxStr);
|
GetAttr(kNameSpaceID_None, nsGkAtoms::max, maxStr);
|
||||||
rv = datePicker->SetMaxDate(maxStr);
|
if (IsDateInRightFormat(maxStr)) {
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
rv = datePicker->SetMaxDate(maxStr);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIDatePickerShownCallback> callback =
|
nsCOMPtr<nsIDatePickerShownCallback> callback =
|
||||||
|
|
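Review bot: IsDateInRightFormat in the first hunk checks only the shape nnnn-nn-nn, so a string such as `0000-00-00` or `9999-99-99` (constructed examples) still reaches SetDefaultDate, SetMinDate and SetMaxDate, and its comment relies on the assumption that OS X rejects out-of-range months and days. Whether the Cocoa formatter rejects such values or silently rolls them over depends on how it is configured, which is not visible here, so a cheap range check before `return true;` would remove that dependency: `uint32_t month = (aDate[5] - '0') * 10 + (aDate[6] - '0');`, `uint32_t day = (aDate[8] - '0') * 10 + (aDate[9] - '0');`, `if (month < 1 || month > 12 || day < 1 || day > 31) return false;`. In the second hunk a value that fails the check is skipped silently, so a one-line comment such as `// Malformed value: open the picker without this default/bound.` would help the next reader. InitDatePicker's body starts and ends outside the hunk.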