Closed Bug 1570062 Opened 1 year ago Closed 1 year ago

Whitelist what's new "moments" pages


(Firefox :: Messaging System, enhancement, P1)




Firefox 70
Tracking Status
firefox69 --- fixed
firefox70 --- fixed


(Reporter: k88hudson, Assigned: Mardak)




(1 file)

In Bug 1568692 we landed some code to trigger a moments page based on a pref value. We might want to consider whitelisting the domains that are allowed to be shown if we think that's necessary.

Following up with sec.

Assignee: nobody → andrei.br92

If its easy to whitelist, etc. domains, I'd recommend just doing that. Alternatively, I suggest you ask for a security review meeting with Dan Veditz and team using the email address.

See Also: → 1571843

I'll have it allow https: and base domains

Assignee: andrei.br92 → edilee
Priority: -- → P1

Use URL to parse and eTLD to extract allowed domains

Pushed by
Whitelist what's new "moments" pages r=k88hudson
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 70

Comment on attachment 9083866 [details]
Bug 1570062 - Whitelist what's new "moments" pages

Beta/Release Uplift Approval Request

  • User impact if declined: Undesired urls could be shown at startup
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1) create new string pref browser.startup.homepage_override.once set to {"url":"|"}
  1. restart firefox
  2. see both a thank you page ( and home page tabs but not
  • List of other uplifts needed: Bug 1568692
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Slight modification to the behavior from bug 1568692 which is default off.
  • String changes made/needed: none
Attachment #9083866 - Flags: approval-mozilla-beta?
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

Comment on attachment 9083866 [details]
Bug 1570062 - Whitelist what's new "moments" pages

Work in support of the approved relationship scoping projects targeting Fx69. Approved for 69.0b14.

Attachment #9083866 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.