MD Extensions: Fix overly aggressive sanitation.

Polymer already protects against XSS injection, we just need to combine the two strings. Bug: 822939 Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation Change-Id: I866d65419b22d63a1c5a460f6a30304e4a5d487a Reviewed-on: https://chromium-review.googlesource.com/981599 Commit-Queue: Hector Carmona <hcarmona@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#547113}

MD Extensions: Fix overly aggressive sanitation.
Polymer already protects against XSS injection, we just need to combine the two strings. Bug: 822939 Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation Change-Id: I866d65419b22d63a1c5a460f6a30304e4a5d487a Reviewed-on: https://chromium-review.googlesource.com/981599 Commit-Queue: Hector Carmona <hcarmona@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#547113}
195ae3b6 · Hector Carmona · Commit Bot · 9f7ed66f · 195ae3b6 · 195ae3b6
Commit 195ae3b6 authored Mar 30, 2018 by Hector Carmona Committed by Commit Bot Mar 30, 2018
3 changed files
--- a/chrome/browser/resources/md_extensions/item.js
+++ b/chrome/browser/resources/md_extensions/item.js
@@ -109,7 +109,12 @@ cr.define('extensions', function() {
    /** @private string */
    a11yAssociation_: function() {
-      return this.i18n('extensionA11yAssociation', this.data.name);
+      // Don't use I18nBehavior.i18n because of additional checks it performs.
+      // Polymer ensures that this string is not stamped into arbitrary HTML.
+      // |this.data.name| can contain any data including html tags.
+      // ex: "My <video> download extension!"
+      return loadTimeData.getStringF(
+          'extensionA11yAssociation', this.data.name);
    },
    /** @private */

--- a/chrome/test/data/webui/extensions/cr_extensions_browsertest.js
+++ b/chrome/test/data/webui/extensions/cr_extensions_browsertest.js
@@ -192,6 +192,10 @@ TEST_F('CrExtensionsItemsTest', 'RemoveButton', function() {
  this.runMochaTest(extension_item_tests.TestNames.RemoveButton);
 });
+TEST_F('CrExtensionsItemsTest', 'HtmlInName', function() {
+  this.runMochaTest(extension_item_tests.TestNames.HtmlInName);
+});
 ////////////////////////////////////////////////////////////////////////////////
 // Extension Detail View Tests

--- a/chrome/test/data/webui/extensions/extension_item_test.js
+++ b/chrome/test/data/webui/extensions/extension_item_test.js
@@ -74,6 +74,7 @@ cr.define('extension_item_tests', function() {
    SourceIndicator: 'source indicator',
    EnableToggle: 'toggle is disabled when necessary',
    RemoveButton: 'remove button hidden when necessary',
+    HtmlInName: 'html in extension name',
  };
  var suiteName = 'ExtensionItemTest';
@@ -322,6 +323,16 @@ cr.define('extension_item_tests', function() {
      Polymer.dom.flush();
      expectTrue(item.$['remove-button'].hidden);
    });
+    test(assert(TestNames.HtmlInName), function() {
+      let name = '<HTML> in the name!';
+      item.set('data.name', name);
+      Polymer.dom.flush();
+      assertEquals(name, item.$.name.textContent.trim());
+      // "Related to $1" is IDS_MD_EXTENSIONS_EXTENSION_A11Y_ASSOCIATION.
+      assertEquals(
+          `Related to ${name}`, item.$.a11yAssociation.textContent.trim());
+    });
  });
  return {