fix ResponseSerializer url to handle about:config type urls

RESOLVED FIXED

Status

Input Graveyard
Submission
RESOLVED FIXED
3 years ago
11 months ago

People

(Reporter: willkg, Assigned: willkg)

Tracking

Details

(Whiteboard: u=user c=api p=2 s=input.2014q3)

The ResponseSerializer url field is a URLField which rejects about:config and urls like that.

It shouldn't. That's naughty.

This bug covers making that stop.
Hi Will,

Can you also test for chrome:// url as well.
I'm on PTO Monday through Wednesday, but I'll get to this when I get back.
Assignee: nobody → willkg
To sum up, we need to add support for:

1. about: urls
2. chrome:// urls

It looks like we've got some JS that restricts URLs to http/https/ftp urls in fjord/feedback/static/js/generic_feedback.js .

I think we should fix this across the board so that we accept the following url schemes:

1. protocol-less. e.g. example.com
2. http/https: e.g. http://example.com
3. ftp: e.g. ftp://example.com
4. about: e.g. about:mozilla
5. chrome: e.g. chrome://foo

That covers the following places:

1. generic feedback form (client-side field validation, server-side field validation)
2. Input API (server-side field validation)
Most of it is in a PR: https://github.com/mozilla/fjord/pull/338

The outstanding part is redoing the client-side field validation for the generic feedback form to also support about: and chrome:// urls. That's mostly a "for consistency sake" issue. We could push that work off since it doesn't affect the Input API at all.
Everything except the outstanding stuff landed in master in: https://github.com/mozilla/fjord/commit/0892546f8b32bfa36606bb20660538cac819d876
Pushed this to prod just now.

Outstanding things:

1. rewrite the client-side url field validation for the generic feedback form
Whiteboard: u=user c=api p= s=input.2013q3 → u=user c=api p=2 s=input.2013q3
Oops--this got put in the wrong sprint so I missed it last quarter. Tossing it in this quarter's sprint.
Whiteboard: u=user c=api p=2 s=input.2013q3 → u=user c=api p=2 s=input.2014q4
On second thought, I'm switching this back to last quarter and spinning off a new bug for the outstanding work since this bug is really API-specific.

Marking as FIXED.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Whiteboard: u=user c=api p=2 s=input.2014q4 → u=user c=api p=2 s=input.2014q3
Product: Input → Input Graveyard
You need to log in before you can comment on or make changes to this bug.