Open Bug 1421648 Opened 6 years ago Updated 3 months ago
Input types for the privacy and browser
Settings APIs are not validated
This was mentioned in a comment on bug 1420974, and is something I had noticed before. Because of the way browserSetting  is implemented , there are no type validations done on inputs based on the schema. It would be nice to have this, but it would mean a redesign of the way browserSetting is implemented. I'm not sure how to go about making that work, or even if it's something we want to do. If we cannot or do not want to make that change, another approach could be to do validation of input types in each of the individual settings, but that seems less than ideal. I took at look at Chrome's schema for the privacy API , and they deal with this by including a `value` property on each setting, which includes the type. I suppose a similar approach could work for us.  https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/types/BrowserSetting  https://searchfox.org/mozilla-central/source/toolkit/components/extensions/schemas/types.json#85  https://cs.chromium.org/chromium/src/chrome/common/extensions/api/privacy.json
Shane and/or Kris, what do you think about this issue and what we should do to address this?
Severity: enhancement → normal
Having schema handle it would be ideal. I don't know the schema code well, so I don't know how approachable that is. Otherwise, I think at least having some validation even if in code is a good thing. The value schema looks over done (ie. repeating the pref name again), a simple type seems simpler, and I'm not certain we need schema compatibility here.
Assignee: bob.silverberg → nobody
You need to log in before you can comment on or make changes to this bug.