[tbb-commits] [tor-browser/tor-browser-52.7.3esr-8.0-1] Bug 25458: UI customization half-broken in Tor Browser 8.0a3

gk at torproject.org gk at torproject.org
Wed Apr 25 09:06:03 UTC 2018


commit 12847934f5c7baf4e94945ec433f1b2fdcf33625
Author: Richard Pospesel <richard at torproject.org>
Date:   Fri Apr 20 16:03:41 2018 -0700

    Bug 25458: UI customization half-broken in Tor Browser 8.0a3
    
    Fixed fallout from #25147.  Some of the functionality of the UI
    Customize screen is dependent on setting innerHTML on divs.  Since the
    code runs in the System context, the HTML was being sanitized and broke
    page functionality.  The offending statements have been switched to the
    unsafeSetInnerHTML() method which bypasses sanitization in System
    context.
---
 browser/components/customizableui/CustomizeMode.jsm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/browser/components/customizableui/CustomizeMode.jsm b/browser/components/customizableui/CustomizeMode.jsm
index 49868cdbd4a0..4c32fd867c09 100644
--- a/browser/components/customizableui/CustomizeMode.jsm
+++ b/browser/components/customizableui/CustomizeMode.jsm
@@ -690,13 +690,13 @@ CustomizeMode.prototype = {
       // Put the tip contents in the popup.
       let bundle = this.document.getElementById("bundle_browser");
       const kLabelClass = "customization-tipPanel-link";
-      messageNode.innerHTML = bundle.getFormattedString("customizeTips.tip0", [
+      messageNode.unsafeSetInnerHTML(bundle.getFormattedString("customizeTips.tip0", [
         "<label class=\"customization-tipPanel-em\" value=\"" +
           bundle.getString("customizeTips.tip0.hint") + "\"/>",
         this.document.getElementById("bundle_brand").getString("brandShortName"),
         "<label class=\"" + kLabelClass + " text-link\" value=\"" +
         bundle.getString("customizeTips.tip0.learnMore") + "\"/>"
-      ]);
+      ]));
 
       messageNode.querySelector("." + kLabelClass).addEventListener("click", () => {
         let url = Services.urlFormatter.formatURLPref("browser.customizemode.tip0.learnMoreUrl");



More information about the tbb-commits mailing list