Closed Bug 1898498 Opened 1 year ago Closed 1 year ago

downloads.download throws if the filename containing "%"

Categories

(WebExtensions :: General, defect, P3)

Product:
WebExtensions
Component:
General
Version:
Firefox 128
Type:
defect

Tracking

(firefox-esr115 verified, firefox126 unaffected, firefox127 wontfix, firefox128 verified, firefox129 verified)

Status:
VERIFIED FIXED
Milestone:
129 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- verified
firefox126 --- unaffected
firefox127 --- wontfix
firefox128 --- verified
firefox129 --- verified

People

(Reporter: eight04, Assigned: robwu)

References

(Depends on 1 open bug, Regression)

Details

(Keywords: regression, Whiteboard: [addons-jira])

Attachments

(3 files)

Bug 1898498 - downloads.download - transform % to _
48 bytes, text/x-phabricator-request
Details | Review
Bug 1898498 - downloads.download - transform % to _
48 bytes, text/x-phabricator-request
phab-bot
: approval-mozilla-beta+
Details | Review
Bug 1898498 - downloads.download - transform % to _
48 bytes, text/x-phabricator-request
phab-bot
: approval-mozilla-esr115+
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0

Steps to reproduce:

  1. Visit https://github.com/eight04/webextension-test/archive/refs/heads/illegal-filename.zip, download the extension, and unzip.
  2. Visit about:debugging#/runtime/this-firefox and load it as a temporary addon.
  3. Click the extension button to trigger browserAction.
  4. Inspect the background page and open the console.

Actual results:

An error is thrown:

Error: filename must not contain illegal characters

Expected results:

In Firefox 126, a file named %.html is downloaded.

Component: Untriaged → Downloads Panel

There was a security bug that we fixed for normal (non-webextension-initiated) downloads in 127 around % in filenames. But that normally leads to the filename being sanitized (ie the invalid characters get replaced with valid ones).

I don't know why the webextension API complains instead of doing that - over to webextensions.

Component: Downloads Panel → General
Product: Firefox → WebExtensions
See Also: → 1791530

Hello,

I reproduced the issue on the latest Nightly (128.0a1/20240530213713) and Beta (127.0b8/20240529091551) under Windows 10 x64 and Ubuntu 22.04 LTS. Also checked Firefox Release (126.0.1/20240526221752) but this version is not affected.

The issue occurs as described in Comment 0.

Ran a mozregression as well with the following results:

2024-05-31T09:21:05.985000: DEBUG : Found commit message:
Bug 1891234, additional filename filter checks, r=Gijs,extension-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D208659

Corresponding pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=822a570ebc0a96218ce637d79b5af9e0e7c90030&tochange=91862a7f62978e0a2e8cf8f72ac03666c7076890

Status: UNCONFIRMED → NEW
status-firefox126: --- → unaffected
status-firefox127: --- → affected
status-firefox128: --- → affected
Ever confirmed: true
Keywords: regression
Regressed by: CVE-2024-5692
status-firefox-esr115: --- → affected
Flags: needinfo?(enndeakin)

I think this is just a version of 1791530.

The webextension apis throw an error on an invalid filename rather than accepting the sanitized filename.

Depends on: 1791530
Flags: needinfo?(enndeakin)

We should fix up the filename (bug 1791530) or document more clearly that invalid characters can cause errors. The current list is quite detailed but does not cover enough: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/downloads/download#filename

Chrome converts % to _: https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/extensions/api/downloads/downloads_api.cc;l=1126-1128;drc=ac83a5a2d3c04763d86ce16d92f3904cc9566d3a
We should do the same, because a % is quite common (e.g. if someone were to derive the filename from the URL, odds are that it will contain a %).

Having an illegal character list would help. Currently I'm using this table:
https://github.com/eight04/image-picka/blob/39f4b4e686a6726383489cd6763dd783f18f0983/src/lib/escape.js#L3

Would you like to have full control over the filename (i.e. explicit errors when the chosen filename is not supported), or would you prefer the browser to automatically fix the incorrect character, e.g. consistent with native browser UI?

Bug 1791530 is relevant.

Would you like to have full control over the filename (i.e. explicit errors when the chosen filename is not supported), or would you prefer the browser to automatically fix the incorrect character, e.g. consistent with native browser UI?

One benefit of automatic fixing is that we won't have a breaking change when adding a new illegal character (e.g. % in this case.)
https://addons.mozilla.org/en-US/firefox/addon/image-picka/reviews/2082846/
And extension developers don't have to update their escape table individually.
But then we should tell them to query the download ID if they need the real filename.

Personally, I'm fine with both cases as long as those characters are documented. Otherwise I have to dig the source or write a test suite to find out which characters are invalid.

The severity field is not set for this bug.
:willdurand, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(wdurand)

Because % worked before and now does not, I'm going to submit a patch that converts % to _ like Chrome. Otherwise extensions that used to work before will break.

Flags: needinfo?(wdurand)
Severity: -- → S4
Priority: -- → P3
Whiteboard: [addons-jira]
Assignee: nobody → rob
Status: NEW → ASSIGNED

I wrote a test to check illegal characters (from 0 to 127) and here is the result:
https://github.com/eight04/webext-illegal-filename/blob/master/report.md

Seems that there are only two characters behave differently from chromium:

  • 0 - In edge, you can actually put \0 in the filename. Not sure what will actually happen though.
  • 37 - %
    • FF 126 - valid.
    • FF 129 - invalid.
    • Edge 126 - valid. Will be replaced with _.

I also tried testing firefox-android. However the promise returned by downloads.download never resolves.

Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/51a412de4d68 downloads.download - transform % to _ r=willdurand,geckoview-reviewers,m_kato

https://hg.mozilla.org/mozilla-central/rev/51a412de4d68

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox129: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 129 Branch

The patch landed in nightly and beta is affected.
:robwu, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox128 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(rob)
Attachment #9408163 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: Fixes regression in 127+128: Extensions cannot save files where the suggested filename contains a "%"
  • Code covered by automated testing: yes
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: See STR from bug report.
  • Risk associated with taking this patch: none
  • Explanation of risk level: Change limited to the part of the extension API implementation that is affected.
  • String changes made/needed: none
  • Is Android affected?: no
Attachment #9408165 - Flags: approval-mozilla-esr115?

esr115 Uplift Approval Request

  • User impact if declined: Fixes regression in ESR115 (127): Extensions cannot save files where the suggested filename contains a "%"
  • Code covered by automated testing: yes
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: See STR from bug report.
  • Risk associated with taking this patch: none
  • Explanation of risk level: Change limited to the part of the extension API implementation that is affected. Covered by unit tests.
  • String changes made/needed: none
  • Is Android affected?: no
Flags: needinfo?(rob)
Flags: in-testsuite+
Attachment #9408163 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Verified as Fixed. Tested on the latest Nightly (129.0a1/20240618214224) and Beta (128.0b5/20240618143848, from https://treeherder.mozilla.org/jobs?repo=mozilla-beta&revision=d25dbcf9694ffef374d61fdaa933c071315ba0c1) under Windows 10 x64 and Ubuntu 22.04 LTS.

The % is replaced by _ in the downloaded file name and the error is no longer thrown, confirming the fix.

Status: RESOLVED → VERIFIED
status-firefox128: fixedverified
status-firefox129: fixedverified
Attachment #9408165 - Flags: approval-mozilla-esr115? → approval-mozilla-esr115+

A user reported a similar case with a different pattern. It's seems that it is not just about "illegal characters":
https://bugzilla.mozilla.org/show_bug.cgi?id=1903780

Verified as Fixed. Tested on ESR (115.13.0esr/20240620161327 from https://treeherder.mozilla.org/jobs?repo=mozilla-esr115&revision=4ce591c56fd88ca3fcf7ad3a46b9cb7d0ecb8257) under Windows 10 x64 and Ubuntu 22.04 LTS.

The % is replaced by _ in the downloaded file name and the error is no longer thrown, confirming the fix.

status-firefox-esr115: fixedverified

(In reply to eight04 from comment #23)

A user reported a similar case with a different pattern. It's seems that it is not just about "illegal characters":
https://bugzilla.mozilla.org/show_bug.cgi?id=1903780

There was a separate change to filename sanitization that can replace spaces with _ in some situations. I'll follow up in bug 1903780.

See Also: → 1903780
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: