author | Guilhem Moulin <guilhem@fripost.org> | 2015-03-16 16:20:21 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-03-16 16:20:24 +0100 |
commit | 2787294ecfe5d005d836f08f724ced938ff14965 (patch) | |
tree | 09c741d491ae4fe32ee9ec0a68e06715e2c55cdf /xul-ext/chrome/content | |
parent | 800386c04c35051b8491366c49923ec73ba0a5a1 (diff) |
JSON-encode error messages.
This ensures that control characters are escaped and defeats injection
attacks.
Diffstat (limited to 'xul-ext/chrome/content')
-rw-r--r-- | xul-ext/chrome/content/icevault.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/xul-ext/chrome/content/icevault.js b/xul-ext/chrome/content/icevault.js
index 2006e3a..fe2cb50 100644
--- a/xul-ext/chrome/content/icevault.js
+++ b/xul-ext/chrome/content/icevault.js
@@ -131,7 +131,7 @@ var icevault = (function() {
 send(state.outStream, 'OK');
 } catch (e if typeof e == "string" || e instanceof SyntaxError) {
- send(state.outStream, 'ERROR ' + (typeof e == "string" ? e : e.message));
+ send(state.outStream, 'ERROR ' + JSON.stringify(typeof e == "string" ? e : e.message));
 }
 break;
@@ -142,7 +142,7 @@ var icevault = (function() {
 break;
 default:
- send(state.outStream, 'ERROR Invalid command: ' + command);
+ send(state.outStream, 'ERROR ' + JSON.stringify('Invalid command: ' + command));
 }
 }; |
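Review bot: The `ERROR` payload sent from the catch branch is now a JSON string literal, but nothing at the call site records that, and the reader on the other end of `state.outStream` (not visible in this diff) must JSON-decode it rather than display it raw. A comment such as `// Payload is a JSON string: control characters, quotes and backslashes are escaped, so the message cannot span lines` would document the framing guarantee. `JSON.stringify` escapes only U+0000–U+001F, `"` and `\`, so DEL and the C1 range (U+007F–U+009F) still pass through. A client that writes the text to a terminal or log should therefore filter those itself. The enclosing function begins and ends outside the hunk.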
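Review bot: The `default:` branch repeats the `'ERROR ' + JSON.stringify(...)` pattern from the catch branch by hand, so any error path added later has to remember the encoding or it reintroduces the unescaped form. A small helper would keep it in one place, for example `function sendError(out, msg) { send(out, 'ERROR ' + JSON.stringify(String(msg))); }`, where `String(msg)` also guards against `JSON.stringify(undefined)` yielding `undefined`. `command` is echoed back in full; if it arrives from the peer unmodified (its origin is outside the hunk), truncating it before the echo would bound the size of the reply. Whether other `send` calls in this function carry peer-controlled text cannot be told from these hunks and is worth checking.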