Bug 414064 part 1. Mark UTF-7 as being vulnerable to XSS attacks. r=VYV03354@nifty.ne.jp

2024-09-13 09:24:08 -07:00 · 2011-03-28 23:32:11 -04:00 · 2011-03-28 23:32:11 -04:00 · 89c1f9eb32
commit 89c1f9eb32
parent 06e2459b57
1 changed files with 18 additions and 4 deletions
--- a/intl/uconv/src/charsetData.properties
+++ b/intl/uconv/src/charsetData.properties
@ -43,7 +43,7 @@
 ## Format of this file:
 ##
 ## charset_name.notForBrowser = anything  -  specifies that this charset is 
-## not to be used in the browser
+## not to be exposed in the browser charset selection UI
 ## charset_name.notForOutgoing = anything  -  specifies that this charset is 
 ## not to be used for exporting files ('SaveAsCharset' in composer)
 ##
@ -55,25 +55,39 @@
 ##
 ## charset_name.isMultibyte = multi byte charsets

+# notForBrowser falls into four categories:
+#
+# charsets that we need decoders for, that we don't expect ever to appear in
+# web content
+# XXX do we still need to support t.61?
 t.61-8bit.notForBrowser             = true
-x-imap4-modified-utf7.notForBrowser = true
+
+# charsets that are subsets or variants of other charsets. We implement them
+# as aliases to the superset
 windows-936.notForBrowser           = true
 us-ascii.notForBrowser                  = true
 iso-8859-6-e.notForBrowser              = true
 iso-8859-6-i.notForBrowser              = true
 ibm864i.notForBrowser                   = true
+iso-8859-8-e.notForBrowser              = true
+
+# platform charsets that don't appear in web content
 ibm869.notForBrowser                    = true
 ibm1125.notForBrowser                   = true
 ibm1131.notForBrowser                   = true
-iso-8859-8-e.notForBrowser              = true
-utf-7.notForBrowser                     = true
+
+# charset with isXSSVulnerable
 x-mac-arabic.notForBrowser              = true
 x-mac-farsi.notForBrowser               = true
 x-mac-hebrew.notForBrowser              = true
+x-imap4-modified-utf7.notForBrowser     = true
+utf-7.notForBrowser                     = true

 x-mac-arabic.isXSSVulnerable            = true
 x-mac-farsi.isXSSVulnerable             = true
 x-mac-hebrew.isXSSVulnerable            = true
+x-imap4-modified-utf7.isXSSVulnerable   = true
+utf-7.isXSSVulnerable                   = true

 t.61-8bit.notForOutgoing             = true
 utf-7.notForOutgoing                 = true