From: Nutchanon Wetchasit
Subject: [Gnash-commit] [bug #50677] Gnash-libgnashplugin communication lacks proper escape mechanism
Date: Thu, 30 Mar 2017 03:50:26 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux i686; rv:25.8) Gecko/20151123 Firefox/31.9 PaleMoon/25.8.1


                 Summary: Gnash-libgnashplugin communication lacks proper
escape mechanism
                 Project: Gnash - The GNU Flash player
            Submitted by: nachanon
            Submitted on: Thu 30 Mar 2017 02:50:25 PM ICT
                Category: plugin
                Severity: 3 - Normal
                 Release: master
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any



This is a spin-off from bug #46944 (MovieClip-based FSCommand issue).

While I was writing tests for Gnash's FSCommand implementation, I noticed that
when Gnash is running as a plug-in, an FSCommand call made by the SWF with a
string parameter full of symbols (especially '<' and '>') will not reach the
JavaScript FSCommand handler, while ones with a normal string parameter will.

Upon inspection, I found that the Gnash communication module *does not escape
'<' and '>' in the string content of the message*.
When '<' is present, the message structure becomes ambiguous and causes
problems with the receiver/plugin-side parser, resulting in a discarded
message (thus the missing FSCommand call).

This problem is not specific to FSCommand: the generic `getURL()` instruction,
built-in plugin functions like `GetVariable()`, and scripting APIs like
`ExternalInterface` are very likely to be affected too, though these will need
additional testing to confirm.

Current automated tests tracking this issue (in FSCommand usage) are:

* hostcmd_testrunner_v*: (1)
* hostcmd_htmltest_v*.html: (1)

Gnash: 0.8.11dev (git 8a11e60 8-Mar-2017)
Browser: Iceweasel 10.0.12 (debian)
System: Debian GNU/Linux 7.0 Wheezy i386


  Message sent via/by Savannah
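
The failure mode reported above, as an added example that is not part of the original report and is not Gnash's code: a sender that escapes string content round-trips a symbol-heavy argument, while an unescaped one is discarded by a strict receiver. The `<invoke>`/`<string>` layout, the `fscommand` name and all function names are assumptions made for illustration.

```cpp
// Added illustration. The <invoke>/<string> layout is an assumed, simplified
// stand-in for the player-to-plugin message format, not Gnash's actual code.
#include <iostream>
#include <string>

// Sender side: escape the characters the receiver's parser treats as markup.
std::string escapeText(const std::string& in) {
    std::string out;
    for (char c : in) {
        if (c == '&') out += "&amp;";
        else if (c == '<') out += "&lt;";
        else if (c == '>') out += "&gt;";
        else out += c;
    }
    return out;
}

// Receiver side: reverse the escaping after the structure has been parsed.
std::string unescapeText(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in.compare(i, 4, "&lt;") == 0) { out += '<'; i += 3; }
        else if (in.compare(i, 4, "&gt;") == 0) { out += '>'; i += 3; }
        else if (in.compare(i, 5, "&amp;") == 0) { out += '&'; i += 4; }
        else out += in[i];
    }
    return out;
}

const std::string OPEN = "<invoke name=\"fscommand\"><string>";  // assumed framing
const std::string CLOSE = "</string></invoke>";

std::string buildMessage(const std::string& arg, bool escape) {
    return OPEN + (escape ? escapeText(arg) : arg) + CLOSE;
}

// Strict receiver: the first '<' after the opening tags must start the closing
// tags; anything else is ambiguous structure and the message is discarded.
bool parseMessage(const std::string& msg, std::string& arg) {
    if (msg.compare(0, OPEN.size(), OPEN) != 0) return false;
    std::size_t end = msg.find('<', OPEN.size());
    if (end == std::string::npos || msg.compare(end, std::string::npos, CLOSE) != 0) return false;
    arg = unescapeText(msg.substr(OPEN.size(), end - OPEN.size()));
    return true;
}

int main() {
    std::string got, payload = "a<b>&c";  // constructed sample argument
    std::cout << "raw: " << parseMessage(buildMessage(payload, false), got) << "\n";
    std::cout << "escaped: " << parseMessage(buildMessage(payload, true), got) << " -> " << got << "\n";
}
```

Escaping '&' along with '<' and '>' is what keeps an argument that already contains the text `&lt;` from being altered on the receiving side.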