JumpListBuilder::RemoveIconCacheAndGetJumplistShortcutURIs truncates long URIs when calculating what to remove
Categories
(Core :: Widget: Win32, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox127 | --- | fixed |
People
(Reporter: mconley, Assigned: mconley)
References
Details
Attachments
(1 file)
It's possible for users to have webpage items show up in their jump list that they'd like removed. The way we generally do this is by querying the win32 API for jump lists for any removals from the user either while the browser was running or not, and then removing those pages from Places before figuring out the sites to put in the "frequently visited" list.
There is, however, a bug - and this bug appears to exist in the previous jump list backend as well: when we get the list of URLs back from Windows that should be removed, we truncate any URLs that are longer than MAX_PATH.
This means that any webpages with sufficiently long URLs that show up in the jump list that are removed by the user, will not actually get removed from Places. That's a bit of a privacy leak to start. The second issue is that because the sites that was supposed to be removed doesn't, it'll likely show up again in the list of sites to sent to the jump list. When Windows sees this, they recognize that a removed item was re-added after expressing the removal, and give back an error code when attempting to commit the list.
We're doing that truncation here: https://searchfox.org/mozilla-esr115/rev/b8b83d5466d16a6df5e8a1ac74b9fbd185d15284/widget/windows/JumpListBuilder.cpp#576-577
According to the IShellLink documentation, for Win 7 and up we should use PKEY_Link_Arguments instead to avoid this kind of thing: https://learn.microsoft.com/en-us/windows/win32/api/shobjidl_core/nf-shobjidl_core-ishelllinka-getarguments#remarks
Updated•6 months ago
|
Assignee | ||
Comment 1•5 months ago
|
||
Updated•5 months ago
|
Comment 3•5 months ago
|
||
bugherder |
Description
•