Closed Bug 1673309 Opened 3 years ago Closed 3 years ago

Sanitizer API incorrectly hidden behind a pref

Categories

(Core :: DOM: Security, defect)

defect

Tracking

()

RESOLVED FIXED
84 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox81 --- unaffected
firefox82 --- wontfix
firefox83 --- fixed
firefox84 --- fixed

People

(Reporter: freddy, Assigned: freddy)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: dev-doc-complete, regression)

Attachments

(1 file)

[Exposed=Window, SecureContext]
interface Sanitizer {
  [Pref="dom.security.sanitizer.enabled", Throws]
  constructor(optional SanitizerOptions options = {}); // optionality still discussed in spec
...
};```

The `Pref=` should be on the interface in the first line.
Regressed by: 1652481
Has Regression Range: --- → yes
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d431052b6dec
Sanitizer should be behind a pref r=hsivonen

Comment on attachment 9183709 [details]
Bug 1673309 - Sanitizer should be behind a pref

Beta/Release Uplift Approval Request

  • User impact if declined: The patch moves an experimental API behind a pref. Not taking this patch could cause a Web Compat issue, mostly for forthcoming releases, when feature testing based on 'Sanitizer' in window.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce: Automated tests should cover this.
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The API ought to be behind a pref, while still under development. Taking the patch makes stuff less risky.
  • String changes made/needed: None
Attachment #9183709 - Flags: approval-mozilla-beta?
Backout by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d260f821050b
Backed out changeset d431052b6dec for causing mochitest failures in test_interfaces_secureContext.html
Flags: needinfo?(fbraun)
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6e98f4aae8d6
Sanitizer should be behind a pref r=hsivonen
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 84 Branch

Might be a good idea to document this one.

Keywords: dev-doc-needed

Comment on attachment 9183709 [details]
Bug 1673309 - Sanitizer should be behind a pref

Approved for 83 beta 5, thanks.

Attachment #9183709 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Hi - I'm wondering if someone could clarify which version of FF this was available. From the thread here I understand Sanitizer was available in 82/83? But only behind the correct pref in 84?

Thank you!

Firefox 82 exposed the Sanitizer constructor, but the methods hanging off of the constructed object have never been exposed.
Firefox 83 (when in Nightly and Beta) were also affected of this issue, but this has been addressed before Firefox 83 was released.

The experimental (yet to be properly specified API) works as intended when setting the pref dom.security.sanitizer.enabled in any version after Firefox 82. Given that this is a prototype of an upcoming specification, we do not make any stability or functionality guarantees for it.

Thank you so much! Appreciated

You need to log in before you can comment on or make changes to this bug.