Ensure image diff data URLs are accepted by goog.html.SafeUrl
While browsers seem to be lenient about a space between MIME type and
data, goog.html.SafeUrl and possibly other sanitizers will not consider
this a valid data URL when checking templates for XSS vulnerabilities.
Change-Id: I0ad43c371fbcdaf9ef348550a3f80eb6ee3fcbfe
diff --git a/polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder-image.ts b/polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder-image.ts
index 30b9291..650a9e7 100644
--- a/polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder-image.ts
+++ b/polygerrit-ui/app/elements/diff/gr-diff-builder/gr-diff-builder-image.ts
@@ -104,7 +104,7 @@
private _getImageSrc(image: ImageInfo | null): string {
return image && IMAGE_MIME_PATTERN.test(image.type)
- ? `data:${image.type};base64, ${image.body}`
+ ? `data:${image.type};base64,${image.body}`
: '';
}
diff --git a/polygerrit-ui/app/elements/diff/gr-diff-host/gr-diff-host_test.js b/polygerrit-ui/app/elements/diff/gr-diff-host/gr-diff-host_test.js
index d31d934..5e1b5ff 100644
--- a/polygerrit-ui/app/elements/diff/gr-diff-host/gr-diff-host_test.js
+++ b/polygerrit-ui/app/elements/diff/gr-diff-host/gr-diff-host_test.js
@@ -404,7 +404,7 @@
leftImage.addEventListener('load', () => {
assert.isOk(leftImage);
assert.equal(leftImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile1.body);
+ 'data:image/bmp;base64,' + mockFile1.body);
assert.equal(leftLabelContent.textContent, '1×1 image/bmp');
leftLoaded = true;
if (rightLoaded) {
@@ -416,7 +416,7 @@
rightImage.addEventListener('load', () => {
assert.isOk(rightImage);
assert.equal(rightImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile2.body);
+ 'data:image/bmp;base64,' + mockFile2.body);
assert.equal(rightLabelContent.textContent, '1×1 image/bmp');
rightLoaded = true;
@@ -495,7 +495,7 @@
leftImage.addEventListener('load', () => {
assert.isOk(leftImage);
assert.equal(leftImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile1.body);
+ 'data:image/bmp;base64,' + mockFile1.body);
assert.equal(leftLabelContent.textContent, '1×1 image/bmp');
leftLoaded = true;
if (rightLoaded) {
@@ -507,7 +507,7 @@
rightImage.addEventListener('load', () => {
assert.isOk(rightImage);
assert.equal(rightImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile2.body);
+ 'data:image/bmp;base64,' + mockFile2.body);
assert.equal(rightLabelContent.textContent, '1×1 image/bmp');
rightLoaded = true;
diff --git a/polygerrit-ui/app/elements/diff/gr-diff-image-viewer/gr-image-viewer.ts b/polygerrit-ui/app/elements/diff/gr-diff-image-viewer/gr-image-viewer.ts
index a650f68..643a696 100644
--- a/polygerrit-ui/app/elements/diff/gr-diff-image-viewer/gr-image-viewer.ts
+++ b/polygerrit-ui/app/elements/diff/gr-diff-image-viewer/gr-image-viewer.ts
@@ -51,10 +51,6 @@
// URL for the image to use as revision.
@property({type: String}) revisionUrl = '';
- @internalProperty() protected baseImage?: HTMLImageElement;
-
- @internalProperty() protected revisionImage?: HTMLImageElement;
-
@internalProperty() protected baseSelected = true;
@internalProperty() protected scaledSelected = true;
diff --git a/polygerrit-ui/app/elements/diff/gr-diff/gr-diff_test.js b/polygerrit-ui/app/elements/diff/gr-diff/gr-diff_test.js
index 48e009b..53a2915 100644
--- a/polygerrit-ui/app/elements/diff/gr-diff/gr-diff_test.js
+++ b/polygerrit-ui/app/elements/diff/gr-diff/gr-diff_test.js
@@ -208,7 +208,7 @@
leftImage.addEventListener('load', () => {
assert.isOk(leftImage);
assert.equal(leftImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile1.body);
+ 'data:image/bmp;base64,' + mockFile1.body);
assert.equal(leftLabelContent.textContent, '1\u00d71 image/bmp');// \u00d7 - '×'
leftLoaded = true;
if (rightLoaded) {
@@ -220,7 +220,7 @@
rightImage.addEventListener('load', () => {
assert.isOk(rightImage);
assert.equal(rightImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile2.body);
+ 'data:image/bmp;base64,' + mockFile2.body);
assert.equal(rightLabelContent.textContent, '1\u00d71 image/bmp');// \u00d7 - '×'
rightLoaded = true;
@@ -302,7 +302,7 @@
leftImage.addEventListener('load', () => {
assert.isOk(leftImage);
assert.equal(leftImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile1.body);
+ 'data:image/bmp;base64,' + mockFile1.body);
assert.equal(leftLabelContent.textContent, '1\u00d71 image/bmp');// \u00d7 - '×'
leftLoaded = true;
if (rightLoaded) {
@@ -314,7 +314,7 @@
rightImage.addEventListener('load', () => {
assert.isOk(rightImage);
assert.equal(rightImage.getAttribute('src'),
- 'data:image/bmp;base64, ' + mockFile2.body);
+ 'data:image/bmp;base64,' + mockFile2.body);
assert.equal(rightLabelContent.textContent, '1\u00d71 image/bmp');// \u00d7 - '×'
rightLoaded = true;
