From 1db360874511bc91cf1dfc515aefc554202bc709 Mon Sep 17 00:00:00 2001 From: "myk%mozilla.org" Date: Mon, 16 Sep 2002 21:31:58 +0000 Subject: [PATCH] Fix for bug 57556: escapes user-entered data when displaying it to prevent cross-site scripting attacks. r=dmose git-svn-id: svn://10.0.0.236/trunk@129751 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/webtools/web-sniffer/cgiview.c | 6 +++--- mozilla/webtools/web-sniffer/html.c | 29 ++++++++++++++++++++++---- mozilla/webtools/web-sniffer/html.h | 1 + mozilla/webtools/web-sniffer/net.c | 8 +++---- mozilla/webtools/web-sniffer/view.c | 3 ++- 5 files changed, 35 insertions(+), 12 deletions(-) diff --git a/mozilla/webtools/web-sniffer/cgiview.c b/mozilla/webtools/web-sniffer/cgiview.c index b124e20d64f..47234499d5c 100644 --- a/mozilla/webtools/web-sniffer/cgiview.c +++ b/mozilla/webtools/web-sniffer/cgiview.c @@ -277,7 +277,7 @@ getHTTPRequestHeaders(View *view, char *host, char *verbose) *r++ = str; viewReport(view, str); } - viewReport(view, "
"); + fprintf(view->out, "

"); *r = NULL; return (unsigned char **) ret; @@ -359,7 +359,7 @@ main(int argc, char *argv[]) ); viewReport(view, "input url:"); viewReport(view, (char *) url); - viewReport(view, "
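Review bot: The replacement `fprintf(view->out, ...)` in getHTTPRequestHeaders emits the separator markup unconditionally, whereas the `viewReport` call it replaces only printed inside `if (verbose)` and flushed afterwards (see the view.c hunk). The same pattern recurs in the two `main` hunks of this file and in all four net.c hunks. Bypassing `viewReport` is needed now that it escapes its argument, but a small sibling helper in view.c that writes trusted markup under the same `verbose` guard would keep both output paths consistent. At minimum each site deserves a comment such as `/* trusted literal markup: must not go through viewReport(), which HTML-escapes its argument */`, so that nobody later routes user data through the raw path. The function body starts and ends outside the hunk.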
"); + fprintf(view->out, "

"); u = urlParse(url); if ( @@ -410,7 +410,7 @@ main(int argc, char *argv[]) free(newURL); viewReport(view, "fully qualified url:"); viewReport(view, (char *) u->url); - viewReport(view, "
"); + fprintf(view->out, "

"); fflush(view->out); if (!strcmp((char *) u->scheme, "http")) { diff --git a/mozilla/webtools/web-sniffer/html.c b/mozilla/webtools/web-sniffer/html.c index e0b2ddac920..b67c4efdbe0 100644 --- a/mozilla/webtools/web-sniffer/html.c +++ b/mozilla/webtools/web-sniffer/html.c @@ -849,6 +849,29 @@ htmlRead(void *a, Input *input, unsigned char *base) unsigned char * toHTML(unsigned char *str) +{ + unsigned char *escaped_str; + unsigned char *result; + + escaped_str = escapeHTML(str); + + result = NULL; + + result = calloc(strlen((char *) escaped_str)+2, 1); + if (!result) + { + fprintf(stderr, "cannot calloc toHTML string\n"); + exit(0); + } + result[0] = '"'; + strcat((char *) result, (char *) escaped_str); + strcat((char *) result, "\""); + + return result; +} + +unsigned char * +escapeHTML(unsigned char *str) { char buf[2]; int i; @@ -892,17 +915,15 @@ toHTML(unsigned char *str) } if (!result) { - result = calloc(len + 3, 1); + result = calloc(len + 1, 1); if (!result) { fprintf(stderr, - "cannot calloc toHTML string\n"); + "cannot calloc escapeHTML string\n"); exit(0); } - result[0] = '"'; } } - strcat((char *) result, "\""); return result; } diff --git a/mozilla/webtools/web-sniffer/html.h b/mozilla/webtools/web-sniffer/html.h index 70f2c5fbfa7..a69eb3b77b0 100644 --- a/mozilla/webtools/web-sniffer/html.h +++ b/mozilla/webtools/web-sniffer/html.h @@ -51,5 +51,6 @@ void htmlRegister(char *tag, char *attributeName, HTMLHandler handler); void htmlRegisterTagHandler(HTMLHandler handler); void htmlRegisterURLHandler(HTMLHandler handler); unsigned char *toHTML(unsigned char *str); +unsigned char *escapeHTML(unsigned char *str); #endif /* _HTML_H_ */ diff --git a/mozilla/webtools/web-sniffer/net.c b/mozilla/webtools/web-sniffer/net.c index 1f69d9c9ecc..9f72ecf329c 100644 --- a/mozilla/webtools/web-sniffer/net.c +++ b/mozilla/webtools/web-sniffer/net.c 
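Review bot: The new `toHTML` allocates one byte too few: `calloc(strlen((char *) escaped_str)+2, 1)` has room for the opening quote, the escaped text and the closing quote, but not for the terminating NUL that the final `strcat` writes, so every call writes one byte past the heap block (the removed code used `len + 3`). It should read `result = calloc(strlen((char *) escaped_str) + 3, 1);`. The buffer returned by `escapeHTML` is also never released, so add `free(escaped_str);` before `return result;`. If `escapeHTML` can return NULL for an empty string (its loop lies outside this hunk, so this is unconfirmed), `strlen` would dereference NULL here and a guard is needed.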
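Review bot: The new `escapeHTML` prototype in html.h says nothing about ownership of the returned buffer, and both callers added by this commit (`toHTML` in html.c, `viewReport` in view.c) drop the pointer without freeing it. The allocation is visible in the html.c hunk (`calloc(len + 1, 1)`), so the contract is worth stating above the declaration, for example `/* Returns a newly allocated, NUL-terminated HTML-escaped copy of str; the caller must free() it. */`.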
@@ -141,7 +141,7 @@ getSocketAndIPAddress(void *a, unsigned char *hostName, int port, { reportTime(REPORT_TIME_GETHOSTBYNAME_FAILURE, &theTime); reportStatus(a, "gethostbyname_r failed", __FILE__, __LINE__); - viewReport(a, "failed

"); + fprintf(stdout, "failed


"); close(sock); return -1; } @@ -150,7 +150,7 @@ getSocketAndIPAddress(void *a, unsigned char *hostName, int port, reportStatus(a, "gethostbyname_r succeeded", __FILE__, __LINE__); - viewReport(a, "succeeded
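Review bot: `fprintf(stdout, ...)` in getSocketAndIPAddress hard-codes the output stream, while the cgiview.c hunks of the same commit write to `view->out` and the replaced `viewReport(a, ...)` wrote to the view's stream as well. If that stream is ever not stdout, this markup ends up somewhere other than the text around it, and it is no longer flushed or gated on `verbose` as it was inside `viewReport`. The next hunk in this function and the two `netConnect` hunks have the same issue. Assuming `a` really is the `View *` (it is declared `void *` here, so confirm against the callers), `fprintf(((View *) a)->out, ...)` followed by `fflush` would keep the behaviour aligned. The function body extends beyond the hunk.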

"); + fprintf(stdout, "succeeded


"); MUTEX_LOCK(); dnsCount++; @@ -273,7 +273,7 @@ netConnect(void *a, unsigned char *hostName, int port) reportStatus(a, "connect failed", __FILE__, __LINE__); viewReport(a, "failed:"); viewReport(a, strerror(errno) ? strerror(errno) : "NULL"); - viewReport(a, "
"); + fprintf(stdout, "

"); return -1; } @@ -281,7 +281,7 @@ netConnect(void *a, unsigned char *hostName, int port) reportStatus(a, "connect succeeded", __FILE__, __LINE__); - viewReport(a, "succeeded

"); + fprintf(stdout, "succeeded


"); MUTEX_LOCK(); connectCount++; diff --git a/mozilla/webtools/web-sniffer/view.c b/mozilla/webtools/web-sniffer/view.c index 3041fa03c4b..7cd3c4553f8 100644 --- a/mozilla/webtools/web-sniffer/view.c +++ b/mozilla/webtools/web-sniffer/view.c @@ -24,6 +24,7 @@ #include #include "http.h" +#include "html.h" #include "io.h" #include "view.h" @@ -227,7 +228,7 @@ viewReport(View *view, char *str) { if (verbose) { - fprintf(view->out, str); + fprintf(view->out, (char *) escapeHTML((unsigned char *) str)); fprintf(view->out, "
"); fflush(view->out); }
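Review bot: In `viewReport` the escaped text is still passed as the format argument of `fprintf`, so a `%` sequence in user-entered data is interpreted as a conversion specification. HTML escaping does not neutralise that unless `escapeHTML` also rewrites `%`, which the html.c hunk does not show. The buffer returned by `escapeHTML` is heap-allocated (`calloc` in html.c) and never freed, so each report leaks. Suggested replacement for the changed line: `unsigned char *esc = escapeHTML((unsigned char *) str);` then `fprintf(view->out, "%s", esc ? (char *) esc : "");` then `free(esc);`. The function's closing brace lies outside the hunk.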