Additional preferences to sanitize or disable sanitization for
Categories
(Core :: Preferences: Backend, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox109 | --- | fixed |
People
(Reporter: tjr, Assigned: tjr)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
Telemetry shows:
- capability.policy.localfilelinks.checkloaduri.enabled
- capability.policy.localfilelinks.sites
- font.name.[fantasy/fixed/monospace/sans-serif/serif/].[font-name?]
- logging.config.LOG_FILE
- nimbus.syncdatastore.aboutwelcome
- nimbus.syncdatastore.aboutwelcome.id
- nimbus.syncdatastore.aboutwelcome.screens
- services.sync.clients.devices.mobile
All of these are very low-user-count (less than 46 on release channel)
|
Assignee | |
Comment 1•3 years ago
|
||
The capability.policy ones seem to be an incorrect assignment of localfilelinks_policy which is references in the code. Unusually, it seems like the way the related code is written it doesn't matter what the pref name is, as the name (well, part of the name) itself comes from the preference capability.policy.policynames which... seems odd to me. But, we'll allowlist the whole capability.policy tree.
font.name will get allowlisted also.
logging.config.LOG_FILE is a real logging pref
nimbus.syncdatastore. is the nimbus experiment branch, I guess we'll allowlist all of it.
services.sync.clients.devices.mobile is the number of mobile devices we are syncing to. There's also services.sync.clients.devices.desktop. I imagine this is also only used in the Privileged About Content Process (like services.sync.username) - we will have to wait until 108 hits release to be certain though. I won't allowlist it right now.
|
|
Assignee | |
Comment 2•3 years ago
|
||
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
Description
•