[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] [bug #50677] Gnash-libgnashplugin communication lacks pro
From: |
Nutchanon Wetchasit |
Subject: |
[Gnash-commit] [bug #50677] Gnash-libgnashplugin communication lacks proper escape mechanism |
Date: |
Thu, 30 Mar 2017 03:50:26 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:25.8) Gecko/20151123 Firefox/31.9 PaleMoon/25.8.1 |
URL:
<http://savannah.gnu.org/bugs/?50677>
Summary: Gnash-libgnashplugin communication lacks proper
escape mechanism
Project: Gnash - The GNU Flash player
Submitted by: nachanon
Submitted on: Thu 30 Mar 2017 02:50:25 PM ICT
Category: plugin
Severity: 3 - Normal
Release: master
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
This is a spin-off from bug #46944 (MovieClip-based FSCommand issue).
While I was writing tests for Gnash's FSCommand implementation, I noticed that
when Gnash is running as a plug-in, FSCommand call made by the SWF with string
parameter full of symbols (especially '<' and '>') will not reach JavaScript
FSCommand handler, while ones with normal string parameter will.
Upon inspection, I found that Gnash communication module *does not escape '<'
and '>' in string content of the message*
<https://git.savannah.gnu.org/cgit/gnash.git/tree/libcore/ExternalInterface.cpp?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n114>.
When '<' is present, the message structure became ambiguous and causes problem
with receiver/plugin-side's parser, resulting in discarded message (thus the
missing FSCommand call).
This problem is not specific to FSCommand: generic `getURL()` instruction,
built-in plugin function like `GetVariable()`, and scripting API like
`ExternalInterface` are very likely to be affected too; though these will need
additional testing to confirm.
Current automated tests tracking this issue (in FSCommand usage) are:
* hostcmd_testrunner_v*: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n210>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_testrunner.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n289>
* hostcmd_htmltest_v*.html: (1)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n238>
(2)
<https://git.savannah.gnu.org/cgit/gnash.git/tree/testsuite/misc-ming.all/hostcmd_htmltest.sh?id=8a11e60585db4ed6bc4eafadfbd9b3123ced45d9#n305>
Gnash: 0.8.11dev (git 8a11e60 8-Mar-2017)
Browser: Iceweasel 10.0.12 (debian)
System: Debian GNU/Linux 7.0 Wheezy i386
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?50677>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] [bug #50677] Gnash-libgnashplugin communication lacks proper escape mechanism,
Nutchanon Wetchasit <=