Open Bug 1851824 Opened 10 months ago Updated 8 months ago

Expand test coverage of invalid URLs in tabs.create/update / windows.create

Categories

(WebExtensions :: General, task, P3)

task

Tracking

(Not tracked)

People

(Reporter: robwu, Unassigned)

References

Details

For completeness, we should verify that invalid URLs are consistently rejected across the extension APIs that open new tabs:

It would also be nice to have tests like these in toolkit/, so that they can run on Android too. E.g. by creating a new test file that lists a bunch of invalid URLs and then calling tabs.create / tabs.update / windows.create (after doing feature detection to verify that these methods exist and/or adding conditions to skip unsupported APIs on specific platforms) and expecting a rejection. That could also be expanded to other extension APIs that accept URLs.

Depends on: CVE-2023-5725
Severity: -- → N/A
Priority: -- → P3

The tabs.create API already has unit tests for file:-URLs, the windows.create API doesn't have tests either. We should ensure that all these APIs test file:-URLs (e.g. to verify the intended behavior that was questioned in bug 1864001).

See Also: → 1864001
You need to log in before you can comment on or make changes to this bug.