Edge: Safeguard content before writing it to the DOM via javascript

Using ` (template literals) to 'quote' the string is not safe. Use ' (regular string literal) intead and escape the data properly.
eclipse-platform · Sep 12, 2024 · 341418b · 341418b
1 parent d271060
commit 341418b
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/bundles/org.eclipse.swt/Eclipse SWT Browser/win32/org/eclipse/swt/browser/Edge.java b/bundles/org.eclipse.swt/Eclipse SWT Browser/win32/org/eclipse/swt/browser/Edge.java
@@ -735,7 +735,7 @@ int handleDOMContentLoaded(long pView, long pArgs) {
 				return COM.S_OK;
 			});
 			webView.ExecuteScript(
-					stringToWstr("document.open(); document.write(`" + lastCustomText + "`); document.close();"),
+					stringToWstr("document.open(); document.write('" + escapeForSingleQuotedJSString(lastCustomText) + "'); document.close();"),
 					postExecute);
 			postExecute.Release();
 			this.lastCustomText = null;
@@ -746,6 +746,13 @@ int handleDOMContentLoaded(long pView, long pArgs) {
 	return COM.S_OK;
 }
 
+private static String escapeForSingleQuotedJSString(String str) {
+	return str.replace("\\", "\\\\") //
+			.replace("'", "\\'") //
+			.replace("\r", "\\r") //
+			.replace("\n", "\\n");
+}
+
 int handleContextMenuRequested(long pView, long pArgs) {
 	ICoreWebView2ContextMenuRequestedEventArgs args = new ICoreWebView2ContextMenuRequestedEventArgs(pArgs);