Bug 126366 - this|window.status rewrite fails to account for escaped '"s
this|window.status rewrite fails to account for escaped '"s
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: privoxy (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karsten Hopp
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-20 06:19 EDT by Anduin Withers
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-08 08:09:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anduin Withers 2004-06-20 06:19:40 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET 
CLR 1.0.3705; .NET CLR 1.1.4322)

Description of problem:
When privoxy is rewriting changes to (this|window).status it will 
create invalid javascript if the original string attempts to escape 
the quote charater.

Version-Release number of selected component (if applicable):
privoxy-3.0.3-1

How reproducible:
Always

Steps to Reproduce:
1. Create a simple file to run through the proxy, one like this works:

<?php
    print("<a href=\"bugzilla.redhat.com\" target=\"new\" 
onmouseover=\"window.status = 'bug\'s'\">broken</a>\n<br>\n");
    print("<a href=\"bugzilla.redhat.com\" target=\"new\" 
onmouseover=\"window.status = 'bugs'\">works</a>\n");
?>

2. Load the page through the proxy.

3. Note the bad output caused by the escape character unaware match 
in /etc/privoxy/default.filter
    

Additional info:
Comment 1 Anduin Withers 2004-06-20 16:20:33 EDT
Oh yeah, here is the fix I'm using:

s/(\W\s*)((this|window)\.(default)?status)\s*=\s*((['"]).*?(?<!\\)\6)/
$1if(typeof(this.href) != 'undefined') $2 = $5 + ' URL: ' + 
this.href;else return false/ig

Note the (?<!\\) before \6 so it matches the full string.
Comment 2 Karsten Hopp 2005-09-08 08:09:15 EDT
fix added to the rawhide package, thanks!

Note You need to log in before you can comment on or make changes to this bug.