No description provided.
Assignee: nobody → evilpies
Status: NEW → ASSIGNED
I am basically convinced we can remove this here and now. We have almost no uses in the browser and very low add-on usage. No other browser implements this either.
5 years ago
Attachment #8527033 - Flags: review?(jorendorff)
Attachment #8527033 - Flags: review?(jorendorff) → review+
Comment on attachment 8532044 [details] [diff] [review] v2 - Remove quote browser/mobile usage I believe pref names are relatively sane, so we don't need to escape anything.
Attachment #8532044 - Attachment description: remove-quote-browser → v2 - Remove quote browser/mobile usage
Comment on attachment 8532044 [details] [diff] [review] v2 - Remove quote browser/mobile usage Review of attachment 8532044 [details] [diff] [review]: ----------------------------------------------------------------- ::: mobile/android/chrome/content/config.js @@ +86,5 @@ > return; > } > > // If item already in list, it's being changed, else added > + let item = document.querySelector(".pref-item[name=\"" + aPrefName + "\"]"); I'm not particularly happy removing this quoting without figuring out an alternative: finding another escaping method, or mapping keys in a more sophisticated way that doesn't require escaping. I tested. about:config allows me to create prefs with backslashes and quotes in their names, and there is certainly an extant pattern to have computed pref names like: firstname.lastname@example.org or urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/getkey?client=navclient-auto-ffox2.0& In short: this is a change you need to _prove_ is safe, because I see nothing to suggest that it won't break.
Attachment #8532044 - Flags: review?(rnewman) → review-
Okay let's use CSS.escape there as well. I indeed didn't consider this case. I don't consider about:config to be critical anyway. CSS.escape(' \\"') gives "\ \\\\""
Attachment #8532111 - Flags: review?(rnewman) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
Added to the compat doc: https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility
You need to log in before you can comment on or make changes to this bug.