1251268 - MozParam condition="pref" should use values from the default pref branch and URI encode them

Status: RESOLVED FIXED

(Firefox :: Search, defect)

Description

[Florian Quèze [:florian]]

We observed in Telemetry data that some parameters controlled by preferences in some built-in search plugins were being abused.

In bug 1247562 we changed our built-in plugins to no longer use the MozParam condition="pref" feature, but unfortunately this change won't have any effect for plugins that were distributed by distribution partners, and there's evidence that these are being abused too.

There are 2 things we can do to stop this:
- use the values from the default preference branch: Preferences set from distribution.ini go to the default branch, and it seems abusers are currently just adding values in the user's prefs.js file
- we've seen URLs with a confusing extra parameter; it turns out the pref was being set to something like "value&tracking=id", and the current code doesn't encode parameter values.

Comment 1

[Florian Quèze [:florian]]

Attachment: Patch

Comment 2

[Drew Willcoxon :adw]

Comment on attachment 8723607 [details] [diff] [review]
Patch

Review of attachment 8723607 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.

Comment 3

[Florian Quèze [:florian]]

https://hg.mozilla.org/integration/fx-team/rev/67ab004a728d94fc173a4a451c8c4e419555c2e9
Bug 1251268 - MozParam condition="pref" should use values from the default pref branch and URI encode them, r=adw.

Comment 4

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/67ab004a728d