Changeset 102793 in webkit


Timestamp: Dec 14, 2011 9:48:26 AM (12 years ago)
Author: vsevik@chromium.org
Message:

Web Inspector: DatabaseTableView should escape table name.
https://bugs.webkit.org/show_bug.cgi?id=74503

Reviewed by Pavel Feldman.

Source/WebCore:

Test: inspector/database-table-name-excaping.html

  • inspector/front-end/DatabaseTableView.js:

(WebInspector.DatabaseTableView.prototype._escapeTableName):
(WebInspector.DatabaseTableView.prototype.update):

LayoutTests:

  • inspector/database-table-name-excaping-expected.txt: Added.
  • inspector/database-table-name-excaping.html: Added.
Location: trunk
Files: 2 added, 3 edited

  • trunk/LayoutTests/ChangeLog

    r102792 r102793  
     12011-12-14  Vsevolod Vlasov  <vsevik@chromium.org>
     2
     3        Web Inspector: DatabaseTableView should escape table name.
     4        https://bugs.webkit.org/show_bug.cgi?id=74503
     5
     6        Reviewed by Pavel Feldman.
     7
     8        * inspector/database-table-name-excaping-expected.txt: Added.
     9        * inspector/database-table-name-excaping.html: Added.
     10
    1112011-12-14  João Paulo Rechi Vita  <jprvita@openbossa.org>
    212
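Review bot: The two added test files listed on lines 8 and 9 of this entry are named database-table-name-excaping, which looks like a misspelling of "escaping". Consider renaming both the .html test and its -expected.txt file before landing; the same name is repeated in the "Test:" line of the Source/WebCore ChangeLog entry, so all three references would need to change together.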
  • trunk/Source/WebCore/ChangeLog

    r102791 r102793  
     12011-12-14  Vsevolod Vlasov  <vsevik@chromium.org>
     2
     3        Web Inspector: DatabaseTableView should escape table name.
     4        https://bugs.webkit.org/show_bug.cgi?id=74503
     5
     6        Reviewed by Pavel Feldman.
     7
     8        Test: inspector/database-table-name-excaping.html
     9
     10        * inspector/front-end/DatabaseTableView.js:
     11        (WebInspector.DatabaseTableView.prototype._escapeTableName):
     12        (WebInspector.DatabaseTableView.prototype.update):
     13
    1142011-12-14  Philippe Normand  <pnormand@igalia.com>
    215
  • trunk/Source/WebCore/inspector/front-end/DatabaseTableView.js

    r98550 r102793  
    5353    },
    5454
     55    /**
     56     * @param {string} tableName
     57     * @return {string}
     58     */
     59    _escapeTableName: function(tableName)
     60    {
     61        return tableName.replace(/\"/g, "\"\"");
     62    },
     63   
    5564    update: function()
    5665    {
    57         this.database.executeSql("SELECT * FROM " + this.tableName, this._queryFinished.bind(this), this._queryError.bind(this));
     66        this.database.executeSql("SELECT * FROM \"" + this._escapeTableName(this.tableName) + "\"", this._queryFinished.bind(this), this._queryError.bind(this));
    5867    },
    5968
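Review bot: Quoting is split between the helper and the call site. `_escapeTableName` (new lines 59-62) only doubles embedded `"` characters, and the statement on new line 66 is safe only because `update` also wraps the result in `\"` on both sides. Doubling quotes without the surrounding quotes gives no protection, so a later caller that reuses the helper and forgets the wrapping reintroduces the unescaped concatenation that old line 57 had. Consider having the helper return the complete quoted identifier, for example `return "\"" + tableName.replace(/"/g, "\"\"") + "\"";`, and state that contract in the JSDoc, which currently gives only the parameter and return types. Minor style point: the backslash in `/\"/g` is redundant, since `/"/g` matches the same character.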