Closed Bug 1251268 Opened 8 years ago Closed 8 years ago

MozParam condition="pref" should use values from the default pref branch and URI encode them

Categories

(Firefox :: Search, defect)

Product:
Firefox
Component:
Search
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 47
Tracking Flags:
Tracking Status
firefox47 --- fixed

People

(Reporter: florian, Assigned: florian)

Details

Attachments

(1 file)

Patch
7.57 KB, patch
adw
: review+
Details | Diff | Splinter Review 
We observed in Telemetry data that some parameters controlled by preferences in some built-in search plugins were being abused.

In bug 1247562 we changed our built-in plugins to no longer use the MozParam condition="pref" feature, but unfortunately this change won't have any effect for plugins that were distributed by distribution partners, and there's evidence that these are being abused too.

There are 2 things we can do to stop this:
- use the values from the default preference branch: Preferences set from distribution.ini go to the default branch, and it seems abusers are currently just adding values in the user's prefs.js file
- we've seen URLs with a confusing extra parameter; it turns out the pref was being set to something like "value&tracking=id", and the current code doesn't encode parameter values.
Attached patch PatchSplinter Review 

        Attachment #8723607 -
        Flags: review?(adw)

    
    

    
  
Comment on attachment 8723607 [details] [diff] [review]
Patch

Review of attachment 8723607 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.

        Attachment #8723607 -
        Flags: review?(adw) → review+

    
    

    
  
https://hg.mozilla.org/integration/fx-team/rev/67ab004a728d94fc173a4a451c8c4e419555c2e9
Bug 1251268 - MozParam condition="pref" should use values from the default pref branch and URI encode them, r=adw.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/67ab004a728d
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox47:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 47

    
  
Flags: in-testsuite+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: