Question

I have been working on an extension for Google Chrome for some time now that allows users to share pages to Facebook using a simple browser action icon. It provides some additional functionality, such as allowing users to search through past links, etc. It has worked almost flawlessly up until I attempted to share one particular page (http://imgur.com/gallery/N0s079c) to my personal Facebook account today. This is very concerning to me for a number of reasons, as it may mean that a similar problem may happen on additional pages and I want to patch the extension before my users run into it. Here's a (somewhat brief) rundown of how my extension shares links:

  • The user clicks the browser action and clicks "share" from a small menu in the popup. The popup page then sends a message using chrome.runtime.sendMessage() to the event page.
  • The event page processes the incoming message stream and acts appropriately, calling a function that uses chrome.tabs.query() to get the current tab. It then passes this information on to a function that queries a simple Web SQL database for an exact match of the URL to see if the user has shared it before. If they have, it gives them a basic confirm() dialog before continuing. If they haven't, the link is added to the database before continuing. I've included the code for this section below.
  • The extension processes the URL and generates a Facebook Feed dialog.
  • The Facebook Feed dialog redirects the user to a server page that either takes the user back to the link they shared or to the new Facebook post, depending on their settings.

When I attempt to share the link mentioned above, however, the extension doesn't do anything. There are no errors in the console for either the event or popup pages. I'm at a loss as to what may be causing it to fail. The only thing I can think of is that it is caused by some edge case bug in the Web SQL query. The way that it is currently set up, an error in the query would cause the code to simply stop executing. It was a basic SELECT column FROM table WHERE expression query that looks for exact matches, so I didn't feel the need to write any error handling in.

I tested several other links on Imgur to see if it was perhaps an issue specific to that site, but that didn't seem to be the case.

Code for Checking Shared Link History/Adding to History

simpleshare.shareLink.checkHistory = function(result) {
    simpleshare.backend.database.transaction(function (tx) {
        // Look up the current tab's URL in the history table.
        // The URL is concatenated straight into the SQL text.
        tx.executeSql('SELECT url FROM history WHERE url=\'' + result[0].url + '\'', [], function(tx, results) {
            if (results.rows.length != 0) {
                // Already in history: ask before sharing again.
                var reshare = confirm('It appears that you\'ve already shared (or started to share) this link in the past.');
                if (reshare == true) {
                    simpleshare.shareLink.share(result);
                }
            }
            if (results.rows.length == 0) {
                // First time: record the date, title and URL, then share.
                var today = new Date();
                var day = today.getDate();
                var year = today.getFullYear();
                var monthNames = ['January', 'February', 'March', 'April', 'May', 'June',
                    'July', 'August', 'September', 'October', 'November', 'December'];
                var monthAsWord = monthNames[today.getMonth()];

                var fullDate = monthAsWord + ' ' + day + ', ' + year;

                // Date, title and URL are concatenated straight into the SQL text.
                tx.executeSql('INSERT INTO history VALUES (\'' + fullDate + '\', \'' + result[0].title + '\', \'' + result[0].url + '\')', [], function(tx, results) {
                    simpleshare.shareLink.share(result);
                });
            }
        });
    });
};

Solution

Heh, good question and this is a bit of a guess based on what you've said but I think I can tell you why it's that one page (and I know this because I've hit similar in the past before).

Your insert query:

INSERT INTO history VALUES (\'' + fullDate + '\', \'' + result[0].title + '\', \'' + result[0].url + '\')

Is going to resolve to (for that page):

INSERT INTO history VALUES ('April 5, 2014', 'It's a graduated cylinder', 'http://imgur.com/gallery/N0s079c'); 

Which isn't valid, and you can see the problem in the syntax highlighting -- the It's, and specifically the single quote there, is ending that string early and making the rest of the query nonsense.

So, yes, this will happen on other pages, in fact an attacker could guess what was happening and attempt to compromise the database with a cleverly crafted page title.

The lesson here is to sanitize anything you're using as an input to a SQL query. Actually never trust any input and validate/sanitize it on principle anyway.

Second lesson, and one I've failed to learn many times, if something can return an error -- catch it and do something with it.

Hope that helps.
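To make the answer's point concrete, here is an added example (not code from the question or the answer) that builds the question's INSERT three ways for the page title the answer identifies: the concatenated form from the question, a quoting fallback, and the parameterized form that Web SQL's tx.executeSql(sql, args, callback) already supports through its second argument. A small scanner for single-quoted SQL literals shows how the apostrophe ends the second literal early. The sample values are constructed from the answer's text; the scanner is an inspection aid for this demonstration, not a sanitizer, and Web SQL itself is not executed here.

```javascript
// Added example (not the question's or answer's code): the question's INSERT built
// three ways, so the effect of the apostrophe in the page title can be inspected.
// Web SQL is not run here; only the statement text is built and checked.

// Constructed sample input: the title and URL the answer identifies as the trigger.
const SAMPLE = {
  date: 'April 5, 2014',
  title: "It's a graduated cylinder",
  url: 'http://imgur.com/gallery/N0s079c'
};

// 1. The form used in the question: values spliced into the SQL text.
function buildConcatenated(date, title, url) {
  return "INSERT INTO history VALUES ('" + date + "', '" + title + "', '" + url + "')";
}

// 2. Quoting fallback: a SQL string literal escapes a single quote by doubling it.
function quoteLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

function buildQuoted(date, title, url) {
  return 'INSERT INTO history VALUES (' +
    [date, title, url].map(quoteLiteral).join(', ') + ')';
}

// 3. Preferred form: ? placeholders in the SQL, values passed separately. Web SQL's
// tx.executeSql(sql, args, callback) binds args to the markers, so the title never
// becomes part of the statement text. Returned as the (sql, args) pair executeSql takes.
function buildParameterized(date, title, url) {
  return { sql: 'INSERT INTO history VALUES (?, ?, ?)', params: [date, title, url] };
}

// The same treatment for the history lookup from the question.
function buildHistoryLookup(url) {
  return { sql: 'SELECT url FROM history WHERE url = ?', params: [url] };
}

// Minimal scanner for single-quoted SQL literals: reports whether every literal is
// closed and what text each literal contains. '' inside a literal is one quote.
function scanLiterals(sql) {
  const literals = [];
  let inLiteral = false;
  let current = '';
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (!inLiteral) {
      if (ch === "'") { inLiteral = true; current = ''; }
    } else if (ch === "'") {
      if (sql[i + 1] === "'") { current += "'"; i++; }   // doubled quote: literal quote
      else { inLiteral = false; literals.push(current); } // closing quote
    } else {
      current += ch;
    }
  }
  return { balanced: !inLiteral, literals };
}

// Usage: show what each form produces for the sample title.
const broken = buildConcatenated(SAMPLE.date, SAMPLE.title, SAMPLE.url);
console.log(broken);
// scanLiterals(broken) → { balanced: false, literals: ['April 5, 2014', 'It', ', '] }
console.log(scanLiterals(broken));
console.log(scanLiterals(buildQuoted(SAMPLE.date, SAMPLE.title, SAMPLE.url)));
console.log(buildParameterized(SAMPLE.date, SAMPLE.title, SAMPLE.url));
```

Run under Node, the scan of the concatenated statement shows the second literal stopping at "It" and an unclosed literal at the end, which is the syntax error the answer describes. The quoted and parameterized forms keep all three values intact; in the extension the parameterized pair is what would go into tx.executeSql(sql, params, callback) in place of the concatenated string and the empty array.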

Licensed under: CC-BY-SA with attribution