Fix Brave crashing on confirm bug #4891

willy-b · 2016-10-18T10:37:54Z

(Realized that this can be solved with exactly what @bridiver did for alerts in #4798, just copied for confirm dialog, so replacing previous PR I had with @bridiver's sol'n)

Submitted a ticket for my issue if one did not already exist. [HackerOne] window.confirm crashes Brave #4883
Used Github auto-closing keywords in the commit message.
Ran git rebase -i to squash commits (if needed).

Test Plan:

Open Brave
Visit http://pentesting.x10host.com (entire page content is: <script>confirm(1)</script>, so can test with data:text/html,<script>confirm(1)</script> as well)
Observe that Brave does not crash, and confirm dialog with message content "1" is displayed.

Fix:

dialog.showMessageBox requires that the message and title arguments are strings
make sure that when message is a number (or other non-string type) it is coerced to a string
exact same change as what @bridiver did for alerts in Brave crashes if alert is called without a message #4798, but for confirm dialog

fixes #4883

@bridiver

- make sure that when `message` is a number (or other non-string type) it is coerced to a string - same change as what @bridiver did for alerts in #4798, but for confirm dialog fixes #4883

Also fix crashes for URLs like `data:text/html,<script>alert\(1, 1\)</script>` and `data:text/html,<script>confirm\(1, 1\)</script>`

bbondy · 2016-10-18T12:52:46Z

app/index.js

@@ -383,6 +384,8 @@ app.on('ready', () => {
      title = ''
    }


I think this can be removed now

if (title == null) { title = '' }

bbondy · 2016-10-18T12:52:59Z

app/index.js

@@ -368,6 +368,7 @@ app.on('ready', () => {
    }


willy-b · 2016-10-18T20:22:32Z

@bbondy, thanks for the review, I removed the extra lines. I can rebase and open a new PR or push directly to whatever branch you think is appropriate. Thanks!

bbondy · 2016-10-19T01:18:32Z

Perfect, I'll just do a squash merge, thanks.

fix Brave crash on confirm(1) bug

25957c3

- make sure that when `message` is a number (or other non-string type) it is coerced to a string - same change as what @bridiver did for alerts in #4798, but for confirm dialog fixes #4883

willy-b mentioned this pull request Oct 18, 2016

Brave crashes if alert is called without a message #4798

Closed

Also fix crashes when alert/confirm titles not strings

7cc949e

Also fix crashes for URLs like `data:text/html,<script>alert\(1, 1\)</script>` and `data:text/html,<script>confirm\(1, 1\)</script>`

bbondy reviewed Oct 18, 2016

View reviewed changes

app/index.js

@@ -368,6 +368,7 @@ app.on('ready', () => {

}

Copy link

Member

bbondy Oct 18, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto here

bbondy added this to the 0.12.6dev milestone Oct 18, 2016

bbondy added the release/blocking label Oct 18, 2016

bbondy assigned willy-b Oct 18, 2016

Remove some redundant lines

d1b5392

bbondy merged commit 3840430 into brave:master Oct 19, 2016

This was referenced Oct 20, 2016

Manual tests for Windows x64 0.12.6 Preview 1 #4993

Closed

Manual tests for OS X 0.12.6 Preview 2 #4994

Closed

srirambv added the QA/checked-Win64 label Oct 20, 2016

alexwykoff added the QA/checked-macOS label Oct 21, 2016

alexwykoff mentioned this pull request Oct 22, 2016

Manual tests for Ubuntu 0.12.6 RC2 #5051

Closed

alexwykoff added the QA/checked-Linux label Oct 22, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Brave crashing on confirm bug #4891

Fix Brave crashing on confirm bug #4891

willy-b commented Oct 18, 2016

bbondy Oct 18, 2016

bbondy Oct 18, 2016

willy-b commented Oct 18, 2016

bbondy commented Oct 19, 2016

Fix Brave crashing on confirm bug #4891

Fix Brave crashing on confirm bug #4891

Conversation

willy-b commented Oct 18, 2016

bbondy Oct 18, 2016

Choose a reason for hiding this comment

bbondy Oct 18, 2016

Choose a reason for hiding this comment

willy-b commented Oct 18, 2016

bbondy commented Oct 19, 2016