Nutchanon Wetchasit
2017-03-30 07:50:26 UTC
URL:
<http://savannah.gnu.org/bugs/?50677>
Summary: Gnash-libgnashplugin communication lacks proper
escape mechanism
Project: Gnash - The GNU Flash player
Submitted by: nachanon
Submitted on: Thu 30 Mar 2017 02:50:25 PM ICT
Category: plugin
Severity: 3 - Normal
Release: master
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
This is a spin-off from bug #46944 (MovieClip-based FSCommand issue).
While I was writing tests for Gnash's FSCommand implementation, I noticed that
when Gnash is running as a plug-in, FSCommand call made by the SWF with string
parameter full of symbols (especially '<' and '>') will not reach JavaScript
FSCommand handler, while ones with normal string parameter will.
Upon inspection, I found that Gnash communication module *does not escape '<'
and '>' in string content of the message*
<https://git.savannah.gnu.org/cgit/gnash.git/tree/libcore/ExternalInterface.cpp?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n114>.
When '<' is present, the message structure became ambiguous and causes problem
with receiver/plugin-side's parser, resulting in discarded message (thus the
missing FSCommand call).
This problem is not specific to FSCommand: generic `getURL()` instruction,
built-in plugin function like `GetVariable()`, and scripting API like
`ExternalInterface` are very likely to be affected too; though these will need
additional testing to confirm.
Current automated tests tracking this issue (in FSCommand usage) are:
* hostcmd_testrunner_v*: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n210>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n289>
* hostcmd_htmltest_v*.html: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n238>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n305>
Gnash: 0.8.11dev (git 8a11e60 8-Mar-2017)
Browser: Iceweasel 10.0.12 (debian)
System: Debian GNU/Linux 7.0 Wheezy i386
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?50677>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
<http://savannah.gnu.org/bugs/?50677>
Summary: Gnash-libgnashplugin communication lacks proper
escape mechanism
Project: Gnash - The GNU Flash player
Submitted by: nachanon
Submitted on: Thu 30 Mar 2017 02:50:25 PM ICT
Category: plugin
Severity: 3 - Normal
Release: master
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
This is a spin-off from bug #46944 (MovieClip-based FSCommand issue).
While I was writing tests for Gnash's FSCommand implementation, I noticed that
when Gnash is running as a plug-in, FSCommand call made by the SWF with string
parameter full of symbols (especially '<' and '>') will not reach JavaScript
FSCommand handler, while ones with normal string parameter will.
Upon inspection, I found that Gnash communication module *does not escape '<'
and '>' in string content of the message*
<https://git.savannah.gnu.org/cgit/gnash.git/tree/libcore/ExternalInterface.cpp?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n114>.
When '<' is present, the message structure became ambiguous and causes problem
with receiver/plugin-side's parser, resulting in discarded message (thus the
missing FSCommand call).
This problem is not specific to FSCommand: generic `getURL()` instruction,
built-in plugin function like `GetVariable()`, and scripting API like
`ExternalInterface` are very likely to be affected too; though these will need
additional testing to confirm.
Current automated tests tracking this issue (in FSCommand usage) are:
* hostcmd_testrunner_v*: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n210>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n289>
* hostcmd_htmltest_v*.html: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n238>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n305>
Gnash: 0.8.11dev (git 8a11e60 8-Mar-2017)
Browser: Iceweasel 10.0.12 (debian)
System: Debian GNU/Linux 7.0 Wheezy i386
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?50677>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/