Open
Bug 1509938
Opened 5 years ago
Updated 2 years ago
Validate extension event parameters in debug builds
Categories
(WebExtensions :: General, enhancement, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: robwu, Unassigned)
References
Details
Bug 1363886 added validation of return values (and callback parameters) in debug builds. Although the schema supports typed event parameters, we do currently not perform any validation that the schema matches with the implementation. This causes bugs such as bug 1440700. To prevent such bugs from happening, we could add debug-only validation to event listeners. For example by mapping actual event handlers to a helper function that validates the event parameters before calling the actual listener at [1] (a DefaultWeakMap could be used for this). I expect that such validation would catch at least one other standing issue in our implementation: Our runtime.onMessage event currently leaks internal details via the second parameter ("sender" has properties contextId and envType, which shouldn't be exposed). [1] https://searchfox.org/mozilla-central/rev/d35199ef15ffa57d190886e20d5df6471faf0870/toolkit/components/extensions/Schemas.jsm#2426-2432
Updated•5 years ago
|
Priority: -- → P3
Comment 1•5 years ago
|
||
Scope creep alert: it would be great to move all the validation to happen based on a pref instead of debug vs opt builds. Debug builds are totally impractical for any serious use, but this would be useful for extension developers to be able to opt in to.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•