
Unified Diff: remoting/webapp/oauth2.js

Issue 10221021: Protect all uses of JSON.parse against exceptions. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Reviewer comments. Created 8 years, 8 months ago
Index: remoting/webapp/oauth2.js
diff --git a/remoting/webapp/oauth2.js b/remoting/webapp/oauth2.js
index 5d61c4a71904e277a7fccbf0daa93603b9701992..2223d0a35d8520a2357627faab23276f744990e3 100644
--- a/remoting/webapp/oauth2.js
+++ b/remoting/webapp/oauth2.js
@@ -148,8 +148,8 @@ remoting.OAuth2.prototype.getAccessTokenInternal_ = function() {
}
var accessToken = window.localStorage.getItem(this.KEY_ACCESS_TOKEN_);
if (typeof accessToken == 'string') {
- var result = JSON.parse(accessToken);
- if ('token' in result && 'expiration' in result) {
+ var result = jsonParseSafe(accessToken);
+ if (result && 'token' in result && 'expiration' in result) {
return /** @type {{token: string, expiration: number}} */ result;
}
}
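Review bot: The new guard `result && 'token' in result` can still throw, because the `in` operator raises a TypeError on a truthy primitive, and a stored string such as `5` or `"x"` is valid JSON that parses to one. This assumes jsonParseSafe, which is not shown on this page, returns the parsed value unchanged on success. Tightening the condition to `if (result && typeof result == 'object' && 'token' in result && 'expiration' in result) {` closes that gap. The same applies to `if (tokens)` ahead of `'refresh_token' in tokens` in processTokenResponse_. getAccessTokenInternal_ starts and ends outside this hunk.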
@@ -206,23 +206,27 @@ remoting.OAuth2.prototype.clearAccessToken = function() {
*/
remoting.OAuth2.prototype.processTokenResponse_ = function(xhr) {
if (xhr.status == 200) {
- var tokens = JSON.parse(xhr.responseText);
- if ('refresh_token' in tokens) {
- this.setRefreshToken(tokens['refresh_token']);
- }
+ var tokens = jsonParseSafe(xhr.responseText);
+ if (tokens) {
+ if ('refresh_token' in tokens) {
+ this.setRefreshToken(tokens['refresh_token']);
+ }
- // Offset by 120 seconds so that we can guarantee that the token
- // we return will be valid for at least 2 minutes.
- // If the access token is to be useful, this object must make some
- // guarantee as to how long the token will be valid for.
- // The choice of 2 minutes is arbitrary, but that length of time
- // is part of the contract satisfied by callWithToken().
- // Offset by a further 30 seconds to account for RTT issues.
- this.setAccessToken(tokens['access_token'],
- (tokens['expires_in'] - (120 + 30)) * 1000 + Date.now());
+ // Offset by 120 seconds so that we can guarantee that the token
+ // we return will be valid for at least 2 minutes.
+ // If the access token is to be useful, this object must make some
+ // guarantee as to how long the token will be valid for.
+ // The choice of 2 minutes is arbitrary, but that length of time
+ // is part of the contract satisfied by callWithToken().
+ // Offset by a further 30 seconds to account for RTT issues.
+ this.setAccessToken(tokens['access_token'],
+ (tokens['expires_in'] - (120 + 30)) * 1000 + Date.now());
+ } else {
+ console.error('Invalid "token" response from server.');
+ }
} else {
- console.log('Failed to get tokens. Status: ' + xhr.status +
- ' response: ' + xhr.responseText);
+ console.error('Failed to get tokens. Status: ' + xhr.status +
+ ' response: ' + xhr.responseText);
}
};
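Review bot: Inside the new `if (tokens)` branch, `tokens['access_token']` and `tokens['expires_in']` are passed on without a check, so a 200 response that is valid JSON but lacks either field reaches setAccessToken with `undefined` and a NaN expiration. What setAccessToken does with those values is not visible here, but it is safer to reject them first, e.g. `if (typeof tokens['access_token'] != 'string' || typeof tokens['expires_in'] != 'number') { console.error('Invalid "token" response from server.'); return; }` placed before the refresh-token handling. Separately, the failure branch writes the whole `xhr.responseText` to the console. Logging only the status, or a truncated body, would keep token-endpoint responses out of console logs.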