Bug 1333071 Escape addon name in post-install dialog
MozReview-Commit-ID: Gvhpzq4Psk7
--- a/browser/modules/ExtensionsUI.jsm
+++ b/browser/modules/ExtensionsUI.jsm
@@ -143,31 +143,37 @@ this.ExtensionsUI = {
this.updates.add(subject.wrappedJSObject);
this.emit("change");
} else if (topic == "webextension-install-notify") {
let {target, addon} = subject.wrappedJSObject;
this.showInstallNotification(target, addon);
}
},
+ // Escape &, <, and > characters in a string so that it may be
+ // injected as part of raw markup.
+ _sanitizeName(name) {
+ return name.replace(/&/g, "&")
+ .replace(/</g, "<")
+ .replace(/>/g, ">");
+ },
+
showPermissionsPrompt(target, info) {
let perms = info.permissions;
if (!perms) {
return Promise.resolve();
}
let win = target.ownerGlobal;
let name = info.addon.name;
if (name.length > 50) {
name = name.slice(0, 49) + "…";
}
- name = name.replace(/&/g, "&")
- .replace(/</g, "<")
- .replace(/>/g, ">");
+ name = this._sanitizeName(name);
let addonLabel = `<label class="addon-webext-name">${name}</label>`;
let bundle = win.gNavigatorBundle;
let header = bundle.getFormattedString("webextPerms.header", [addonLabel]);
let text = "";
let listIntro = bundle.getString("webextPerms.listIntro");
@@ -305,17 +311,18 @@ this.ExtensionsUI = {
], popupOptions);
});
},
showInstallNotification(target, addon) {
let win = target.ownerGlobal;
let popups = win.PopupNotifications;
- let addonLabel = `<label class="addon-webext-name">${addon.name}</label>`;
+ let name = this._sanitizeName(addon.name);
+ let addonLabel = `<label class="addon-webext-name">${name}</label>`;
let addonIcon = '<image class="addon-addon-icon"/>';
let toolbarIcon = '<image class="addon-toolbar-icon"/>';
let brandBundle = win.document.getElementById("bundle_brand");
let appName = brandBundle.getString("brandShortName");
let bundle = win.gNavigatorBundle;
let msg1 = bundle.getFormattedString("addonPostInstall.message1",