| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_info.h" | 5 #include "chrome/browser/ssl/ssl_error_info.h" |
| 6 | 6 |
| 7 #include "base/i18n/time_formatting.h" | 7 #include "base/i18n/time_formatting.h" |
| 8 #include "base/utf_string_conversions.h" | 8 #include "base/utf_string_conversions.h" |
| 9 #include "chrome/common/time_format.h" | 9 #include "chrome/common/time_format.h" |
| 10 #include "content/public/browser/cert_store.h" | 10 #include "content/public/browser/cert_store.h" |
| 11 #include "googleurl/src/gurl.h" | 11 #include "googleurl/src/gurl.h" |
| 12 #include "grit/chromium_strings.h" | 12 #include "grit/chromium_strings.h" |
| 13 #include "grit/generated_resources.h" | 13 #include "grit/generated_resources.h" |
| 14 #include "net/base/cert_status_flags.h" | 14 #include "net/base/cert_status_flags.h" |
| 15 #include "net/base/escape.h" |
| 15 #include "net/base/net_errors.h" | 16 #include "net/base/net_errors.h" |
| 16 #include "net/base/ssl_info.h" | 17 #include "net/base/ssl_info.h" |
| 17 #include "ui/base/l10n/l10n_util.h" | 18 #include "ui/base/l10n/l10n_util.h" |
| 18 | 19 |
| 19 SSLErrorInfo::SSLErrorInfo(const string16& title, | 20 SSLErrorInfo::SSLErrorInfo(const string16& title, |
| 20 const string16& details, | 21 const string16& details, |
| 21 const string16& short_description, | 22 const string16& short_description, |
| 22 const std::vector<string16>& extra_info) | 23 const std::vector<string16>& extra_info) |
| 23 : title_(title), | 24 : title_(title), |
| 24 details_(details), | 25 details_(details), |
| (...skipping 23 matching lines...) Expand all Loading... |
| 48 size_t i = 0; | 49 size_t i = 0; |
| 49 for (; i < dns_names.size(); ++i) { | 50 for (; i < dns_names.size(); ++i) { |
| 50 if (dns_names[i] == cert->subject().common_name) | 51 if (dns_names[i] == cert->subject().common_name) |
| 51 break; | 52 break; |
| 52 } | 53 } |
| 53 if (i == dns_names.size()) | 54 if (i == dns_names.size()) |
| 54 i = 0; | 55 i = 0; |
| 55 details = | 56 details = |
| 56 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS, | 57 l10n_util::GetStringFUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS, |
| 57 UTF8ToUTF16(request_url.host()), | 58 UTF8ToUTF16(request_url.host()), |
| 58 UTF8ToUTF16(dns_names[i]), | 59 net::EscapeForHTML( |
| 60 UTF8ToUTF16(dns_names[i])), |
| 59 UTF8ToUTF16(request_url.host())); | 61 UTF8ToUTF16(request_url.host())); |
| 60 short_description = l10n_util::GetStringUTF16( | 62 short_description = l10n_util::GetStringUTF16( |
| 61 IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION); | 63 IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION); |
| 62 extra_info.push_back( | 64 extra_info.push_back( |
| 63 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); | 65 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); |
| 64 extra_info.push_back( | 66 extra_info.push_back( |
| 65 l10n_util::GetStringFUTF16( | 67 l10n_util::GetStringFUTF16( |
| 66 IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2, | 68 IDS_CERT_ERROR_COMMON_NAME_INVALID_EXTRA_INFO_2, |
| 67 UTF8ToUTF16(cert->subject().common_name), | 69 net::EscapeForHTML(UTF8ToUTF16(cert->subject().common_name)), |
| 68 UTF8ToUTF16(request_url.host()))); | 70 UTF8ToUTF16(request_url.host()))); |
| 69 break; | 71 break; |
| 70 } | 72 } |
| 71 case CERT_DATE_INVALID: | 73 case CERT_DATE_INVALID: |
| 72 extra_info.push_back( | 74 extra_info.push_back( |
| 73 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); | 75 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_1)); |
| 74 if (cert->HasExpired()) { | 76 if (cert->HasExpired()) { |
| 75 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_TITLE); | 77 title = l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXPIRED_TITLE); |
| 76 details = l10n_util::GetStringFUTF16( | 78 details = l10n_util::GetStringFUTF16( |
| 77 IDS_CERT_ERROR_EXPIRED_DETAILS, | 79 IDS_CERT_ERROR_EXPIRED_DETAILS, |
| (...skipping 198 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 276 bool r = content::CertStore::GetInstance()->RetrieveCert( | 278 bool r = content::CertStore::GetInstance()->RetrieveCert( |
| 277 cert_id, &cert); | 279 cert_id, &cert); |
| 278 DCHECK(r); | 280 DCHECK(r); |
| 279 } | 281 } |
| 280 if (errors) | 282 if (errors) |
| 281 errors->push_back(SSLErrorInfo::CreateError(kErrorTypes[i], cert, url)); | 283 errors->push_back(SSLErrorInfo::CreateError(kErrorTypes[i], cert, url)); |
| 282 } | 284 } |
| 283 } | 285 } |
| 284 return count; | 286 return count; |
| 285 } | 287 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10827364:
Properly EscapeForHTML potentially malicious input from X.509 certificates. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/