authorGuilhem Moulin <guilhem@fripost.org>2015-03-16 16:20:21 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-03-16 16:20:24 +0100
commit2787294ecfe5d005d836f08f724ced938ff14965 (patch)
tree09c741d491ae4fe32ee9ec0a68e06715e2c55cdf /xul-ext/chrome/content
parent800386c04c35051b8491366c49923ec73ba0a5a1 (diff)
JSON-encode error messages.
This ensures that control characters are escaped and defeats injection attacks.
Diffstat (limited to 'xul-ext/chrome/content')
-rw-r--r--xul-ext/chrome/content/icevault.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/xul-ext/chrome/content/icevault.js b/xul-ext/chrome/content/icevault.js
index 2006e3a..fe2cb50 100644
--- a/xul-ext/chrome/content/icevault.js
+++ b/xul-ext/chrome/content/icevault.js
@@ -131,7 +131,7 @@ var icevault = (function() {
send(state.outStream, 'OK');
}
catch (e if typeof e == "string" || e instanceof SyntaxError) {
- send(state.outStream, 'ERROR ' + (typeof e == "string" ? e : e.message));
+ send(state.outStream, 'ERROR ' + JSON.stringify(typeof e == "string" ? e : e.message));
}
break;
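Review bot: The escaping is applied at each call site rather than in one helper, so any ERROR reply built elsewhere in icevault.js (not visible in these hunks) would still go out unencoded; the same hand-built pattern recurs in the `default:` branch of the second hunk. A wrapper such as `function sendError(stream, msg) { send(stream, 'ERROR ' + JSON.stringify(msg)); }` would make the encoded form the only way to emit an error. The payload after `ERROR ` is now a quoted JSON string literal, so a comment like `// payload is a JSON string literal; the client must JSON-decode it` would record the wire-format change for the peer, whose code is outside this diff. The enclosing `switch` and `try` start outside the hunk.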
@@ -142,7 +142,7 @@ var icevault = (function() {
break;
default:
- send(state.outStream, 'ERROR Invalid command: ' + command);
+ send(state.outStream, 'ERROR ' + JSON.stringify('Invalid command: ' + command));
}
};
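Review bot: `command` is still echoed back in full in the `default:` reply, so the length of the error line is set by whoever sent the command; JSON.stringify takes care of control characters but not size. If `command` comes straight from the peer's input (the hunk does not show where it is assigned), capping it before encoding, e.g. `JSON.stringify('Invalid command: ' + String(command).slice(0, 64))` with 64 as an illustrative limit, keeps the reply and any log of it bounded. The `switch` this branch belongs to begins outside the hunk.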