Open Bug 1509938 Opened 5 years ago Updated 2 years ago

Validate extension event parameters in debug builds

Categories

(WebExtensions :: General, enhancement, P3)

64 Branch
enhancement

Tracking

(Not tracked)

People

(Reporter: robwu, Unassigned)

References

Details

Bug 1363886 added validation of return values (and callback parameters) in debug builds.

Although the schema supports typed event parameters, we do currently not perform any validation that the schema matches with the implementation. This causes bugs such as bug 1440700.

To prevent such bugs from happening, we could add debug-only validation to event listeners. For example by mapping actual event handlers to a helper function that validates the event parameters before calling the actual listener at [1] (a DefaultWeakMap could be used for this).

I expect that such validation would catch at least one other standing issue in our implementation: Our runtime.onMessage event currently leaks internal details via the second parameter ("sender" has properties contextId and envType, which shouldn't be exposed).

[1] https://searchfox.org/mozilla-central/rev/d35199ef15ffa57d190886e20d5df6471faf0870/toolkit/components/extensions/Schemas.jsm#2426-2432
Priority: -- → P3
Scope creep alert: it would be great to move all the validation to happen based on a pref instead of debug vs opt builds.  Debug builds are totally impractical for any serious use, but this would be useful for extension developers to be able to opt in to.
See Also: → 1602005
See Also: → 1628178
See Also: → 1707405
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.