38922 2010-05-11 12:15:23 -0700 innerHTML decompilation issues in textarea 2012-05-10 08:17:26 -0700 1 1 1 Unclassified Security Security Other All All RESOLVED FIXED http://code.google.com/p/chromium/issues/detail?id=43902 InRadar P2 Normal --- 1 evn darin cevans darin inferno lcamtuf yong.li.webkit oldest_to_newest 224071 0 evn 2010-05-11 12:15:23 -0700 Chrome and Safari (ergo, webkit) have a problem when they decompile innerHTML. This can be abused to create XSS attacks. When you read: node.innerHTML of a textarea, the chars inside are not encoded properly. PoC: Put this: <textarea></textarea><script>alert(1)</script></textarea> Here: http://0x.lv/innerHTMLinspect.html Greetings!! 224095 1 ddkilzer 2010-05-11 12:43:58 -0700 <rdar://problem/7969861> 224253 2 darin 2010-05-11 16:59:18 -0700 The problem seems to be in the appendStartMarkup function in markup.cpp in the Node::TEXT_NODE case, the appendUCharRange call. A test case for this should cover the <script>, <style>, <textarea>, and <xmp> elements and should be tested in other browsers to make sure their escaping behavior is the same. 224258 3 inferno 2010-05-11 17:05:57 -0700 I was planning to fix this, and it looks only on textarea and not on other elements. I compared the behavior with IE and we match on everything except textarea. For textarea, we need to html entity encode the output. <body> <script id=a1>//</textarea><script>alert(1)</script><def> </script> <style id=a2></textarea><script>alert(1)</script><def></style> <textarea id=a3></textarea><script>alert(1)</script><def></textarea> <xmp id=a4></textarea><script>alert(1)</script><def></xmp> <script> alert(document.getElementById('a1').innerHTML); alert(document.getElementById('a2').innerHTML); alert(document.getElementById('a3').innerHTML); alert(document.getElementById('a4').innerHTML); </script> </body> I can fix this. in the layout test, i will include the other elements as well. 224263 4 inferno 2010-05-11 17:10:50 -0700 Both IE and Firefox produce the output as </textarea><script>alert(1)</script><def> which means that it html entity encodes everything. 224703 5 55864 inferno 2010-05-12 10:06:29 -0700 Created attachment 55864 Patch 224706 6 inferno 2010-05-12 10:10:08 -0700 Darin, can you please review the patch and commit if it looks ok. Some notes: 1. checked that appendUCharRange is not used anywhere else in file other than textnodes. 2. checked that createMarkup call is used only for innerhtml and outerhtml calls. 3. outerHTML is not supported by Firefox, so last 4 don't match. 4. First 4 match in Firefox. 5. Everything except case 3 matches in IE. (a) reason for case 3 not match is IE does not support ' and fails during decoding it in textarea. (b) last 4 in IE are same except the fact that Tag name become capitalized e.g. <SCRIPT>. not a big deal for security :) 6. First 2 cases show fail in IE whereas their value is same since === used in shouldbe function does not work well in IE. FAIL innerHTML("script") should be /*"'&<>"'&<>"'&<>*/. Was /*"'&<>"'&<>"'&<>*/. FAIL innerHTML("style") should be /*"'&<>"'&<>"'&<>*/. Was /*"'&<>"'&<>"'&<>*/. 7. all browsers don't encode " and ' in textarea, but that is ok. 8. tested safari mac, all layout tests pass. checked that my layout tests passes on qt, gtk,chromium,safari win (although it should not matter). 224717 7 darin 2010-05-12 10:35:07 -0700 Sure, I’ll land it. 224718 8 darin 2010-05-12 10:38:31 -0700 I am going to rename these tests and put them in a different directory. There is no reason to include the words "XSS" in the test, and these do not relate to encoding. Also, we do not want the HTML file to be executable. 224720 9 inferno 2010-05-12 10:41:29 -0700 Thanks a lot Darin. 224733 10 darin 2010-05-12 11:13:15 -0700 Committed r59241: <http://trac.webkit.org/changeset/59241> 224737 11 darin 2010-05-12 11:16:16 -0700 Fixed ChangeLog entry in <http://trac.webkit.org/changeset/59242>. 55864 2010-05-12 10:06:29 -0700 2010-05-12 10:29:54 -0700 Patch bug-38922-20100512100628.patch text/plain 8159 inferno SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1OTIxMikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTUgQEAKKzIwMTAtMDUtMTIgIEFiaGlzaGVrIEFyeWEgIDxpbmZlcm5vQGNocm9t aXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBIVE1MIEVudGl0eSBFc2NhcGUgdGhlIGNvbnRlbnRzIG9mIGEgdGV4dGFyZWEgbm9kZSB3aGVu IGFjY2Vzc2VkIHZpYSB0aGUgaW5uZXJIVE1MIGFuZCBvdXRlckhUTUwgbm9kZSBwcm9wZXJ0aWVz LgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Mzg5MjIK KworICAgICAgICBUZXN0OiBmYXN0L2VuY29kaW5nL3RleHRub2RlLVhTUy5odG1sCisKKyAgICAg ICAgKiBlZGl0aW5nL21hcmt1cC5jcHA6CisgICAgICAgIChXZWJDb3JlOjphcHBlbmRTdGFydE1h cmt1cCk6CisKIDIwMTAtMDUtMTEgIERhdmlkIEh5YXR0ICA8aHlhdHRAYXBwbGUuY29tPgogCiAg ICAgICAgIFJldmlld2VkIGJ5IE1hY2llaiBTdGFjaG93aWFrLgpJbmRleDogV2ViQ29yZS9lZGl0 aW5nL21hcmt1cC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9lZGl0aW5nL21hcmt1cC5jcHAJ KHJldmlzaW9uIDU5MjEyKQorKysgV2ViQ29yZS9lZGl0aW5nL21hcmt1cC5jcHAJKHdvcmtpbmcg Y29weSkKQEAgLTQwNCwxMCArNDA0LDEyIEBAIHN0YXRpYyB2b2lkIGFwcGVuZFN0YXJ0TWFya3Vw KFZlY3RvcjxVQ2gKICAgICAgICAgICAgIGlmIChOb2RlKiBwYXJlbnQgPSBub2RlLT5wYXJlbnRO b2RlKCkpIHsKICAgICAgICAgICAgICAgICBpZiAocGFyZW50LT5oYXNUYWdOYW1lKHNjcmlwdFRh ZykKICAgICAgICAgICAgICAgICAgICAgfHwgcGFyZW50LT5oYXNUYWdOYW1lKHN0eWxlVGFnKQot ICAgICAgICAgICAgICAgICAgICB8fCBwYXJlbnQtPmhhc1RhZ05hbWUodGV4dGFyZWFUYWcpCiAg ICAgICAgICAgICAgICAgICAgIHx8IHBhcmVudC0+aGFzVGFnTmFtZSh4bXBUYWcpKSB7CiAgICAg ICAgICAgICAgICAgICAgIGFwcGVuZFVDaGFyUmFuZ2UocmVzdWx0LCB1Y2hhclJhbmdlKG5vZGUs IHJhbmdlKSk7CiAgICAgICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAgICAgIH0g ZWxzZSBpZiAocGFyZW50LT5oYXNUYWdOYW1lKHRleHRhcmVhVGFnKSkgeworICAgICAgICAgICAg ICAgICAgICBhcHBlbmRFc2NhcGVkQ29udGVudChyZXN1bHQsIHVjaGFyUmFuZ2Uobm9kZSwgcmFu Z2UpLCBkb2N1bWVudElzSFRNTCk7ICAgICAgICAgICAgICAgICAgICAKKyAgICAgICAgICAgICAg ICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgfQogICAgICAgICAg ICAgaWYgKCFhbm5vdGF0ZSkgewpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gNTkyMTIpCisrKyBMYXlvdXRU ZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxOCBAQAorMjAxMC0wNS0x MiAgQWJoaXNoZWsgQXJ5YSAgPGluZmVybm9AY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3RzIHRoYXQgYWNjZXNzaW5nIHRo ZSBpbm5lckhUTUwgcHJvcGVydHkgb2YgYSB0ZXh0IG5vZGUgZW5jb2RlcworICAgICAgICBoYXJt ZnVsIGVudGl0aWVzIHdoaWNoIGNhbiByZXN1bHQgaW4gY3Jvc3Mgc2l0ZSBzY3JpcHRpbmcuCisg ICAgICAgIFVwZGF0ZSBhbiBleGlzdGluZyBsYXlvdXQgdGVzdCB0byBmaXggdGhlIGlubmVySFRN TCByZXN1bHQuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0zODkyMgorCisgICAgICAgICogZmFzdC9lbmNvZGluZy90ZXh0bm9kZS1YU1MtZXhwZWN0ZWQu dHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L2VuY29kaW5nL3RleHRub2RlLVhTUy5odG1sOiBB ZGRlZC4KKyAgICAgICAgKiBmYXN0L3BhcnNlci9jb21tZW50LWluLXRleHRhcmVhLWV4cGVjdGVk LnR4dDogVXBkYXRlIHRlc3QgZXhwZWN0YXRpb24uCisgICAgICAgICogZmFzdC9wYXJzZXIvc2Ny aXB0LXRlc3RzL2NvbW1lbnQtaW4tdGV4dGFyZWEuanM6IFVwZGF0ZSB0ZXN0IGJ5CisgICAgICAg IHJlcGxhY2luZyB3aXRoIGh0bWwgZW50aXRpZXMgb2YgPCwgPiBjaGFycyBpbiB0ZXh0YXJlYSBp bm5lckhUTUwgcmVzdWx0LgorCiAyMDEwLTA1LTExICBUb255IENoYW5nICA8dG9ueUBjaHJvbWl1 bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gRmlzaGVyLgpJbmRleDogTGF5b3V0 VGVzdHMvZmFzdC9lbmNvZGluZy90ZXh0bm9kZS1YU1MtZXhwZWN0ZWQudHh0Cj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIExheW91dFRlc3RzL2Zhc3QvZW5jb2RpbmcvdGV4dG5vZGUtWFNTLWV4cGVjdGVkLnR4dAko cmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2Zhc3QvZW5jb2RpbmcvdGV4dG5vZGUtWFNTLWV4 cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxNyBAQAorVGVzdHMgdGhhdCBhY2Nl c3NpbmcgdGhlIGlubmVySFRNTCBwcm9wZXJ0eSBvZiBhIHRleHQgbm9kZSBlbmNvZGVzIGhhcm1m dWwgZW50aXRpZXMgd2hpY2ggY2FuIHJlc3VsdCBpbiBjcm9zcyBzaXRlIHNjcmlwdGluZy4KKwor T24gc3VjY2VzcywgeW91IHdpbGwgc2VlIGEgc2VyaWVzIG9mICJQQVNTIiBtZXNzYWdlcywgZm9s bG93ZWQgYnkgIlRFU1QgQ09NUExFVEUiLgorCisKK1BBU1MgaW5uZXJIVE1MKCJzY3JpcHQiKSBp cyAiLyomcXVvdDsmYXBvczsmYW1wOyZsdDsmZ3Q7Jm5ic3A7JiMzNDsmIzM5OyYjMzg7JiM2MDsm IzYyOyYjMTYwO1wiJyY8PiAqLyIKK1BBU1MgaW5uZXJIVE1MKCJzdHlsZSIpIGlzICIvKiZxdW90 OyZhcG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsmIzM0OyYjMzk7JiMzODsmIzYwOyYjNjI7JiMxNjA7 XCInJjw+ICovIgorUEFTUyBpbm5lckhUTUwoInRleHRhcmVhIikgaXMgIi8qXCInJmFtcDsmbHQ7 Jmd0OyZuYnNwO1wiJyZhbXA7Jmx0OyZndDsmbmJzcDtcIicmYW1wOyZsdDsmZ3Q7ICovIgorUEFT UyBpbm5lckhUTUwoInhtcCIpIGlzICIvKiZxdW90OyZhcG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsm IzM0OyYjMzk7JiMzODsmIzYwOyYjNjI7JiMxNjA7XCInJjw+ICovIgorUEFTUyBvdXRlckhUTUwo InNjcmlwdCIpIGlzICI8c2NyaXB0IGlkPVwic2NyaXB0XCI+LyomcXVvdDsmYXBvczsmYW1wOyZs dDsmZ3Q7Jm5ic3A7JiMzNDsmIzM5OyYjMzg7JiM2MDsmIzYyOyYjMTYwO1wiJyY8PiAqLzwvc2Ny aXB0PiIKK1BBU1Mgb3V0ZXJIVE1MKCJzdHlsZSIpIGlzICI8c3R5bGUgaWQ9XCJzdHlsZVwiPi8q JnF1b3Q7JmFwb3M7JmFtcDsmbHQ7Jmd0OyZuYnNwOyYjMzQ7JiMzOTsmIzM4OyYjNjA7JiM2Mjsm IzE2MDtcIicmPD4gKi88L3N0eWxlPiIKK1BBU1Mgb3V0ZXJIVE1MKCJ0ZXh0YXJlYSIpIGlzICI8 dGV4dGFyZWEgaWQ9XCJ0ZXh0YXJlYVwiPi8qXCInJmFtcDsmbHQ7Jmd0OyZuYnNwO1wiJyZhbXA7 Jmx0OyZndDsmbmJzcDtcIicmYW1wOyZsdDsmZ3Q7ICovPC90ZXh0YXJlYT4iCitQQVNTIG91dGVy SFRNTCgieG1wIikgaXMgIjx4bXAgaWQ9XCJ4bXBcIj4vKiZxdW90OyZhcG9zOyZhbXA7Jmx0OyZn dDsmbmJzcDsmIzM0OyYjMzk7JiMzODsmIzYwOyYjNjI7JiMxNjA7XCInJjw+ICovPC94bXA+Igor UEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1ZQorCitURVNUIENPTVBMRVRFCisKSW5kZXg6 IExheW91dFRlc3RzL2Zhc3QvZW5jb2RpbmcvdGV4dG5vZGUtWFNTLmh0bWwKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gTGF5b3V0VGVzdHMvZmFzdC9lbmNvZGluZy90ZXh0bm9kZS1YU1MuaHRtbAkocmV2aXNpb24g MCkKKysrIExheW91dFRlc3RzL2Zhc3QvZW5jb2RpbmcvdGV4dG5vZGUtWFNTLmh0bWwJKHJldmlz aW9uIDApCkBAIC0wLDAgKzEsNDUgQEAKKzxodG1sPg0KKzxoZWFkPg0KKzxsaW5rIHJlbD0ic3R5 bGVzaGVldCIgaHJlZj0iLi4vanMvcmVzb3VyY2VzL2pzLXRlc3Qtc3R5bGUuY3NzIj4NCis8c2Ny aXB0IHNyYz0iLi4vanMvcmVzb3VyY2VzL2pzLXRlc3QtcHJlLmpzIj48L3NjcmlwdD4NCis8L2hl YWQ+DQorPGJvZHk+DQorPHAgaWQ9ImRlc2NyaXB0aW9uIj48L3A+DQorPGRpdiBpZD0iY29uc29s ZSI+PC9kaXY+DQorPGRpdiBpZD0iaGlkZGVuIiAgc3R5bGU9InZpc2liaWxpdHk6IGhpZGRlbiI+ DQorPHNjcmlwdCBpZD0ic2NyaXB0Ij4vKiZxdW90OyZhcG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsm IzM0OyYjMzk7JiMzODsmIzYwOyYjNjI7JiMxNjA7IicmPD4gKi88L3NjcmlwdD4NCis8c3R5bGUg aWQ9InN0eWxlIj4vKiZxdW90OyZhcG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsmIzM0OyYjMzk7JiMz ODsmIzYwOyYjNjI7JiMxNjA7IicmPD4gKi88L3N0eWxlPg0KKzx0ZXh0YXJlYSBpZD0idGV4dGFy ZWEiPi8qJnF1b3Q7JmFwb3M7JmFtcDsmbHQ7Jmd0OyZuYnNwOyYjMzQ7JiMzOTsmIzM4OyYjNjA7 JiM2MjsmIzE2MDsiJyY8PiAqLzwvdGV4dGFyZWE+DQorPHhtcCBpZD0ieG1wIj4vKiZxdW90OyZh cG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsmIzM0OyYjMzk7JiMzODsmIzYwOyYjNjI7JiMxNjA7Iicm PD4gKi88L3htcD4NCis8L2Rpdj4NCis8c2NyaXB0Pg0KK2Rlc2NyaXB0aW9uKCJUZXN0cyB0aGF0 IGFjY2Vzc2luZyB0aGUgaW5uZXJIVE1MIHByb3BlcnR5IG9mIGEgdGV4dCBub2RlIGVuY29kZXMg aGFybWZ1bCBlbnRpdGllcyB3aGljaCBjYW4gcmVzdWx0IGluIGNyb3NzIHNpdGUgc2NyaXB0aW5n LiIpOw0KKw0KK3ZhciB0ZXN0cyA9IFsgWydpbm5lckhUTUwoInNjcmlwdCIpJyAgLCAnIi8qJnF1 b3Q7JmFwb3M7JmFtcDsmbHQ7Jmd0OyZuYnNwOyYjMzQ7JiMzOTsmIzM4OyYjNjA7JiM2MjsmIzE2 MDtcXCJcJyY8PiAqLyInXSwNCisgICAgICAgICAgICAgIFsnaW5uZXJIVE1MKCJzdHlsZSIpJyAg ICwgJyIvKiZxdW90OyZhcG9zOyZhbXA7Jmx0OyZndDsmbmJzcDsmIzM0OyYjMzk7JiMzODsmIzYw OyYjNjI7JiMxNjA7XFwiXCcmPD4gKi8iJ10sDQorICAgICAgICAgICAgICBbJ2lubmVySFRNTCgi dGV4dGFyZWEiKScsICciLypcXCJcJyZhbXA7Jmx0OyZndDsmbmJzcDtcXCJcJyZhbXA7Jmx0OyZn dDsmbmJzcDtcXCJcJyZhbXA7Jmx0OyZndDsgKi8iJ10sDQorICAgICAgICAgICAgICBbJ2lubmVy SFRNTCgieG1wIiknICAgICAsICciLyomcXVvdDsmYXBvczsmYW1wOyZsdDsmZ3Q7Jm5ic3A7JiMz NDsmIzM5OyYjMzg7JiM2MDsmIzYyOyYjMTYwO1xcIlwnJjw+ICovIiddLA0KKyAgICAgICAgICAg ICAgWydvdXRlckhUTUwoInNjcmlwdCIpJyAgLCAnIjxzY3JpcHQgaWQ9XFwic2NyaXB0XFwiPi8q JnF1b3Q7JmFwb3M7JmFtcDsmbHQ7Jmd0OyZuYnNwOyYjMzQ7JiMzOTsmIzM4OyYjNjA7JiM2Mjsm IzE2MDtcXCJcJyY8PiAqLzxcL3NjcmlwdD4iJ10sDQorICAgICAgICAgICAgICBbJ291dGVySFRN TCgic3R5bGUiKScgICAsICciPHN0eWxlIGlkPVxcInN0eWxlXFwiPi8qJnF1b3Q7JmFwb3M7JmFt cDsmbHQ7Jmd0OyZuYnNwOyYjMzQ7JiMzOTsmIzM4OyYjNjA7JiM2MjsmIzE2MDtcXCJcJyY8PiAq LzxcL3N0eWxlPiInXSwNCisgICAgICAgICAgICAgIFsnb3V0ZXJIVE1MKCJ0ZXh0YXJlYSIpJywg JyI8dGV4dGFyZWEgaWQ9XFwidGV4dGFyZWFcXCI+LypcXCJcJyZhbXA7Jmx0OyZndDsmbmJzcDtc XCJcJyZhbXA7Jmx0OyZndDsmbmJzcDtcXCJcJyZhbXA7Jmx0OyZndDsgKi88XC90ZXh0YXJlYT4i J10sDQorICAgICAgICAgICAgICBbJ291dGVySFRNTCgieG1wIiknICAgICAsICciPHhtcCBpZD1c XCJ4bXBcXCI+LyomcXVvdDsmYXBvczsmYW1wOyZsdDsmZ3Q7Jm5ic3A7JiMzNDsmIzM5OyYjMzg7 JiM2MDsmIzYyOyYjMTYwO1xcIlwnJjw+ICovPFwveG1wPiInXSwNCisgICAgICAgICAgICBdOw0K Kw0KK2Z1bmN0aW9uIGlubmVySFRNTCh0ZXh0bm9kZSkgew0KKyAgICByZXR1cm4gZG9jdW1lbnQu Z2V0RWxlbWVudEJ5SWQodGV4dG5vZGUpLmlubmVySFRNTDsNCit9DQorDQorZnVuY3Rpb24gb3V0 ZXJIVE1MKHRleHRub2RlKSB7DQorICAgIHJldHVybiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCh0 ZXh0bm9kZSkub3V0ZXJIVE1MOw0KK30NCisNCitmb3IgKHZhciBpIGluIHRlc3RzKSB7DQorICAg IHNob3VsZEJlKHRlc3RzW2ldWzBdLCB0ZXN0c1tpXVsxXSk7DQorfQ0KKw0KK3N1Y2Nlc3NmdWxs eVBhcnNlZCA9IHRydWU7DQorDQorPC9zY3JpcHQ+DQorPHNjcmlwdCBzcmM9Ii4uL2pzL3Jlc291 cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0Pg0KKzwvYm9keT4NCis8L2h0bWw+DQoKUHJv cGVydHkgY2hhbmdlcyBvbjogTGF5b3V0VGVzdHMvZmFzdC9lbmNvZGluZy90ZXh0bm9kZS1YU1Mu aHRtbApfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fCkFkZGVkOiBzdm46ZXhlY3V0YWJsZQogICArICoKCkluZGV4OiBMYXlv dXRUZXN0cy9mYXN0L3BhcnNlci9jb21tZW50LWluLXRleHRhcmVhLWV4cGVjdGVkLnR4dAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L3BhcnNlci9jb21tZW50LWluLXRleHRhcmVhLWV4 cGVjdGVkLnR4dAkocmV2aXNpb24gNTkyMTIpCisrKyBMYXlvdXRUZXN0cy9mYXN0L3BhcnNlci9j b21tZW50LWluLXRleHRhcmVhLWV4cGVjdGVkLnR4dAkod29ya2luZyBjb3B5KQpAQCAtNCw3ICs0 LDcgQEAgT24gc3VjY2VzcywgeW91IHdpbGwgc2VlIGEgc2VyaWVzIG9mICJQQQogCiAKIFBBU1Mg dGV4dEFyZWFzLmxlbmd0aCBpcyAxCi1QQVNTIHRleHRBcmVhc1swXS5pbm5lckhUTUwgaXMgIjwh LS0gPC90ZXh0YXJlYT4gLS0+IFRoaXMgc2hvdWxkIGJlIHBhcnQgb2YgdGhlIHRleHRhcmVhIgor UEFTUyB0ZXh0QXJlYXNbMF0uaW5uZXJIVE1MIGlzICImbHQ7IS0tICZsdDsvdGV4dGFyZWEmZ3Q7 IC0tJmd0OyBUaGlzIHNob3VsZCBiZSBwYXJ0IG9mIHRoZSB0ZXh0YXJlYSIKIFBBU1Mgc3VjY2Vz c2Z1bGx5UGFyc2VkIGlzIHRydWUKIAogVEVTVCBDT01QTEVURQpJbmRleDogTGF5b3V0VGVzdHMv ZmFzdC9wYXJzZXIvc2NyaXB0LXRlc3RzL2NvbW1lbnQtaW4tdGV4dGFyZWEuanMKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9wYXJzZXIvc2NyaXB0LXRlc3RzL2NvbW1lbnQtaW4tdGV4 dGFyZWEuanMJKHJldmlzaW9uIDU5MjEyKQorKysgTGF5b3V0VGVzdHMvZmFzdC9wYXJzZXIvc2Ny aXB0LXRlc3RzL2NvbW1lbnQtaW4tdGV4dGFyZWEuanMJKHdvcmtpbmcgY29weSkKQEAgLTYsNiAr Niw2IEBAIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZWxlbWVudCk7CiAKIHZhciB0ZXh0QXJl YXMgPSBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgidGV4dGFyZWEiKTsKIHNob3VsZEJl KCJ0ZXh0QXJlYXMubGVuZ3RoIiwgIjEiKTsKLXNob3VsZEJlRXF1YWxUb1N0cmluZygidGV4dEFy ZWFzWzBdLmlubmVySFRNTCIsICI8IS0tIDwvdGV4dGFyZWE+IC0tPiBUaGlzIHNob3VsZCBiZSBw YXJ0IG9mIHRoZSB0ZXh0YXJlYSIpOworc2hvdWxkQmVFcXVhbFRvU3RyaW5nKCJ0ZXh0QXJlYXNb MF0uaW5uZXJIVE1MIiwgIiZsdDshLS0gJmx0Oy90ZXh0YXJlYSZndDsgLS0mZ3Q7IFRoaXMgc2hv dWxkIGJlIHBhcnQgb2YgdGhlIHRleHRhcmVhIik7CiAKIHZhciBzdWNjZXNzZnVsbHlQYXJzZWQg PSB0cnVlOwo=