[Backport] CVE-2025-6557: Insufficient data validation in DevTools

danilsomsikov · mibrunin · commit 16f89e0bf9e8 · 2025-07-08T12:43:04.000Z
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/6573473: Also handle sole carriage return character (CR) when escaping curl command. Bug: 406631048 Change-Id: I947dbf54d290ada4424bfbfcc817e1e7244bf438 Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/6573473 Auto-Submit: Danil Somsikov <dsv@chromium.org> Commit-Queue: Danil Somsikov <dsv@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/659333 Reviewed-by: Moss Heim <moss.heim@qt.io>
diff --git a/chromium/third_party/devtools-frontend/src/front_end/panels/network/NetworkLogView.ts b/chromium/third_party/devtools-frontend/src/front_end/panels/network/NetworkLogView.ts
@@ -2401,7 +2401,7 @@ export class NetworkLogView extends Common.ObjectWrapper.eventMixin<EventTypes,
               .replace(/"/g, '\\"')
               .replace(/[^a-zA-Z0-9\s_\-:=+~'\/.',?;()*`]/g, '^$&')
               .replace(/%(?=[a-zA-Z0-9_])/g, '%^')
-              .replace(/\r?\n/g, '^\n\n') +
+              .replace(/\r?\n|\r/g, '^\n\n') +
           encapsChars;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -2401,7 +2401,7 @@ export class NetworkLogView extends Common.ObjectWrapper.eventMixin<EventTypes,`
`2401`	`2401`	`.replace(/"/g, '\\"')`
`2402`	`2402`	.replace(/[^a-zA-Z0-9\s_\-:=+~'\/.',?;()*`]/g, '^$&')
`2403`	`2403`	`.replace(/%(?=[a-zA-Z0-9_])/g, '%^')`
`2404`		`- .replace(/\r?\n/g, '^\n\n') +`
	`2404`	`+ .replace(/\r?\n\|\r/g, '^\n\n') +`
`2405`	`2405`	`encapsChars;`
`2406`	`2406`	`}`
`2407`	`2407`