Open Bug 1430159 Opened 2 years ago Updated 9 months ago
allow protocols to specify an argument validator that automatically gets executed
A common IPC protocol hardening approach is to:

1. Validate arguments in the content process before sending the message.
2. Validate again in the parent process. If they fail at that point we know we have a spoofed message and can KillHard the child.

It would be nice if there was a hook for a protocol implementation to register a validation method that Send*() and Recv*() could automatically run to do this kind of checking. Many protocols will need more context to do proper validation, but there are probably a lot of places where simple checks would go a long way.

For example, an API taking a URL argument could:

1. Validate the URL parses.
2. Validate the URL has the expected scheme (perhaps chrome:// only, etc.)
3. Perhaps validate other known path/file extension limitations.
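The validate-on-both-sides hook described in the report, as an added C++ example that is not Gecko code and not part of the bug. `ValidatedMessage`, `Outcome`, `ValidateChromeUrl`, `DeliverUrl` and the ".xhtml only, no `..`" path rule are assumptions made for illustration; `ChildKilled` stands in for KillHard.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <utility>

enum class Outcome { Delivered, RejectedBySender, ChildKilled };  // ChildKilled models KillHard

// Checks 1-3 from the report; the ".xhtml only, no '..'" path rule is an assumed policy.
bool ValidateChromeUrl(const std::string& url) {
  for (unsigned char c : url)
    if (c <= 0x20 || c >= 0x7f) return false;              // 1. must parse: no spaces/control bytes
  const std::size_t sep = url.find("://");
  if (sep == std::string::npos || sep == 0) return false;  //    needs a scheme
  const std::size_t slash = url.find('/', sep + 3);
  if (slash == std::string::npos || slash == sep + 3) return false;  // needs host and path
  if (url.compare(0, sep, "chrome") != 0) return false;    // 2. expected scheme only
  const std::string path = url.substr(slash), ext = ".xhtml";
  if (path.find("..") != std::string::npos) return false;  // 3. path limitation
  return path.size() > ext.size() &&
         path.compare(path.size() - ext.size(), ext.size(), ext) == 0;  // 3. extension
}

// Hypothetical hook: one validator registered per message, run by both Send and Recv.
template <typename Arg>
class ValidatedMessage {
 public:
  explicit ValidatedMessage(std::function<bool(const Arg&)> v) : mValidator(std::move(v)) {}
  // Content process: a failure here is a caller bug, so the message is never sent.
  bool Send(const Arg& arg) const { return mValidator(arg); }
  // Parent process: a failure here means the sender bypassed Send, so treat it as spoofed.
  Outcome Recv(const Arg& wire) const {
    return mValidator(wire) ? Outcome::Delivered : Outcome::ChildKilled;
  }
 private:
  std::function<bool(const Arg&)> mValidator;
};

// Drives one message end to end; senderSkippedCheck models a child that did not run Send.
Outcome DeliverUrl(const std::string& url, bool senderSkippedCheck) {
  const ValidatedMessage<std::string> msg(ValidateChromeUrl);
  if (!senderSkippedCheck && !msg.Send(url)) return Outcome::RejectedBySender;
  return msg.Recv(url);
}
```

Because both sides call the same validator, the only way an invalid argument reaches `Recv` is a sender that did not go through `Send`, which is what makes the kill decision safe.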