Input types for the privacy and browserSettings APIs are not validated

NEW
Assigned to

Status

enhancement
P3
normal
2 years ago
10 months ago

People

(Reporter: bsilverberg, Assigned: bsilverberg)

Tracking

57 Branch

Firefox Tracking Flags

(Not tracked)

Details

This was mentioned in a comment on bug 1420974, and is something I had noticed before. Because of the way browserSetting [1] is implemented [2], there are no type validations done on inputs based on the schema. It would be nice to have this, but it would mean a redesign of the way browserSetting is implemented. I'm not sure how to go about making that work, or even if it's something we want to do.

If we cannot or do not want to make that change, another approach could be to do validation of input types in each of the individual settings, but that seems less than ideal.

I took at look at Chrome's schema for the privacy API [3], and they deal with this by including a `value` property on each setting, which includes the type. I suppose a similar approach could work for us. 

[1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/types/BrowserSetting
[2] https://searchfox.org/mozilla-central/source/toolkit/components/extensions/schemas/types.json#85
[3] https://cs.chromium.org/chromium/src/chrome/common/extensions/api/privacy.json
Shane and/or Kris, what do you think about this issue and what we should do to address this?
Severity: enhancement → normal
Flags: needinfo?(mixedpuppy)
Flags: needinfo?(kmaglione+bmo)
Having schema handle it would be ideal.  I don't know the schema code well, so I don't know how approachable that is.  Otherwise, I think at least having some validation even if in code is a good thing.  

The value schema looks over done (ie. repeating the pref name again), a simple type seems simpler, and I'm not certain we need schema compatibility here.
Flags: needinfo?(mixedpuppy)
Assignee: nobody → bob.silverberg
Priority: -- → P3
Product: Toolkit → WebExtensions
Flags: needinfo?(kmaglione+bmo)
You need to log in before you can comment on or make changes to this bug.