02-09-2012, 06:33 PM   #274
eureka
but forgot what it's like
 
Posts: 741
Karma: 2345678
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
Quote:
Originally Posted by ixtab View Post
Hehe... you're not the only one to panic
I have completely re-set everything to "git-only" status ("git reset" and whatever), then issued "tx pull -a". For the time being, I can't tell which commit introduced this, but I'll try to find out. (To me it seems as if python is complaining about a *source* (=.py) file though, not about anything it processes. But as said, I'm an idiot concerning python).
I've reproduced the error and think that it's fixed now (with a new commit).

Quote:
Originally Posted by ixtab View Post
OK, I see your point, and I would totally agree with you... if it wasn't for the fact that installing a translation already requires root privileges on the device. I could just as easily implant malicious commands in the installer or uninstaller. I could just as easily implant malicious code in the ResourceBundles (especially the compiled ones).

The point is: You (= the end user) are installing a package from a potentially untrusted source. It's up to you to decide whether you want to take that risk.

Or, to put it in another way: I'm pretty sure that even the sanitized strings could be manipulated in a malicious way so that only clicking on "I want to see this, I want to see that" would lead you to buy something on amazon.
I agree about the overall insecurity of applying a localization bundle. So, in a broad sense, my concern about possible malicious exploitation of the JS part is insignificant. But within the scope of the js_resources tool, it's a bit different. I feel some form of responsibility for my code and for the results of its work. I can't control the input to the js_resources tool (as it's taken directly from crowdsourced translations), but I can control its output. So I'm trying to do my best to strip possibly harmful parts from its output.

I'm certainly not a security expert and I can't eliminate all "attack" vectors. But I don't want to ignore some trivial ones that I am able to notice.

Quote:
Originally Posted by ixtab View Post
And finally: I don't know how far you went with the escaping, but in the end, it all has to be "compiled back" on the device, and interpreted correctly. Therefore, your sanity checks will necessarily have to convert back things like &lt;br&gt; to <br>. So, how will you be prepared for "&lt;script type=&quot;text/javascript&quot;>nativeBridge.dbgCmd(&quot;mntroot rw&quot;nativeBridge.dbgCmd('rm -rf /');&lt;/script&gt;" ?
The <br> tag will pass through without escaping (in extracting and in compiling). So will named HTML entities (like &lt;, &quot;, &gt;).
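The allow-list eureka describes above (a bare `<br>` tag and already-encoded named entities such as `&lt;`, `&quot;`, `&gt;` pass through; everything else gets escaped) can be written as a small tokenizing sanitizer. The following is an added example and not the js_resources code from the thread; the function names, the decision to reject entity names that are not real HTML entity names, and the `<br onclick=...>` and `&bogus;` sample inputs are my own assumptions and constructions, chosen to show how an allow-list has to be matched exactly rather than by prefix.

```python
import re
import html
from html.entities import html5

# Allow-list of tokens that pass through unchanged (assumption modelled on the
# post: a <br> tag in any spelling, and a named entity such as &lt; or &quot;).
# Group 1 captures the entity name so it can be checked against real HTML names.
ALLOWED_TOKEN = re.compile(r"<br\s*/?>|&([A-Za-z][A-Za-z0-9]*);", re.IGNORECASE)

# Tokens that may legitimately appear in *sanitized* output: the allowed tokens
# plus the numeric entities html.escape() itself emits (e.g. &#x27; for a quote).
CHECK_TOKEN = re.compile(
    r"<br\s*/?>|&[A-Za-z][A-Za-z0-9]*;|&#(?:x[0-9A-Fa-f]+|[0-9]+);", re.IGNORECASE
)


def sanitize_translation(text: str) -> str:
    """Escape <, >, &, " and ' in a crowdsourced translation string, except for
    <br> tags and named entities the translator already encoded, so the string
    can be embedded in markup without double-encoding a deliberate &lt;."""
    out = []
    pos = 0
    for m in ALLOWED_TOKEN.finditer(text):
        # Everything between allowed tokens is plain text: escape it fully.
        out.append(html.escape(text[pos:m.start()], quote=True))
        token = m.group(0)
        name = m.group(1)
        # Only trust an entity if its name is a real HTML entity name
        # (html5 keys carry the trailing ';'); otherwise the '&' is literal text.
        if name is not None and (name + ";") not in html5:
            token = html.escape(token, quote=True)
        out.append(token)
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


def has_only_allowed_markup(sanitized: str) -> bool:
    """Post-condition check on sanitizer output: after removing the tokens the
    output is allowed to contain, no raw '<' or '&' may remain."""
    stripped = CHECK_TOKEN.sub("", sanitized)
    return "<" not in stripped and "&" not in stripped


if __name__ == "__main__":
    # Constructed sample inputs, not strings from the project's translations.
    samples = [
        "Line one<br>Line two",
        "a &lt; b &amp; c",
        "<script>alert(1)</script>",
        '<br onclick="x">',
        "&bogus; ok",
    ]
    for s in samples:
        result = sanitize_translation(s)
        print(f"{s!r:32} -> {result!r}  safe={has_only_allowed_markup(result)}")
```

Note the two edge cases the allow-list has to get right: `<br onclick="x">` starts with `<br` but is not a bare line break, so the whole tag is escaped, and `&bogus;` has the shape of an entity but no such name exists, so its ampersand is escaped rather than trusted. Matching on a prefix instead of the exact token would let both through.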