1421648 - Input types for the privacy and browserSettings APIs are not validated

Status: NEW

(WebExtensions :: General, enhancement, P3)

Description

[Bob Silverberg [:bsilverberg]]

This was mentioned in a comment on bug 1420974, and is something I had noticed before. Because of the way browserSetting [1] is implemented [2], there are no type validations done on inputs based on the schema. It would be nice to have this, but it would mean a redesign of the way browserSetting is implemented. I'm not sure how to go about making that work, or even if it's something we want to do.

If we cannot or do not want to make that change, another approach could be to do validation of input types in each of the individual settings, but that seems less than ideal.

I took at look at Chrome's schema for the privacy API [3], and they deal with this by including a `value` property on each setting, which includes the type. I suppose a similar approach could work for us. 

[1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/types/BrowserSetting
[2] https://searchfox.org/mozilla-central/source/toolkit/components/extensions/schemas/types.json#85
[3] https://cs.chromium.org/chromium/src/chrome/common/extensions/api/privacy.json

Comment 1

[Bob Silverberg [:bsilverberg]]

Shane and/or Kris, what do you think about this issue and what we should do to address this?

Comment 2

[Shane Caraveo (:mixedpuppy)]

Having schema handle it would be ideal.  I don't know the schema code well, so I don't know how approachable that is.  Otherwise, I think at least having some validation even if in code is a good thing.  

The value schema looks over done (ie. repeating the pref name again), a simple type seems simpler, and I'm not certain we need schema compatibility here.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee is inactive on Bugzilla, so the assignee is being reset.