Closed
Bug 1180418
Opened 9 years ago
Closed 9 years ago
Search terms aren't escaped
Categories
(Firefox for iOS :: Home screen, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
fxios | + | --- |
People
(Reporter: rnewman, Assigned: karim)
Details
Attachments
(1 file)
Type "AT&T". Search. Observe that the string appears literally in the url, and thus the search is for "AT".
Reporter | ||
Updated•9 years ago
|
tracking-fxios:
--- → +
Updated•9 years ago
|
Assignee: nobody → bnicholson
Status: NEW → ASSIGNED
Updated•9 years ago
|
Assignee: bnicholson → kbenhmida
Assignee | ||
Comment 1•9 years ago
|
||
Attachment #8630615 -
Flags: review?(bnicholson)
Comment 2•9 years ago
|
||
Comment on attachment 8630615 [details] [review] Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/682 It looks like this still allows other characters that should be encoded, such as "+" and "?". Rather than starting with all valid query characters and blacklisting specific ones, I'd create a whitelist from the ground up that includes only allowable characters. According to Wikipedia [1]: Letters (A–Z and a–z), numbers (0–9) and the characters '*','-','.' and '_' are left as-is. All other characters are encoded. So how about we create a custom character set with just those characters? [1] https://en.wikipedia.org/wiki/Query_string#URL_encoding
Attachment #8630615 -
Flags: review?(bnicholson) → feedback+
Assignee | ||
Updated•9 years ago
|
Attachment #8630615 -
Flags: feedback+ → review?(bnicholson)
Comment 3•9 years ago
|
||
Comment on attachment 8630615 [details] [review] Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/682 r=me with hardcoded string extracted.
Attachment #8630615 -
Flags: review?(bnicholson) → review+
Assignee | ||
Comment 4•9 years ago
|
||
Comment on attachment 8630615 [details] [review] Link to Github pull-request: https://github.com/mozilla/firefox-ios/pull/682 Harcoded string extracted. r=bnicholson
Assignee | ||
Comment 5•9 years ago
|
||
Commit 2634ae35ebfef39e7f45abb81ac087b24f02d066
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•