Closed
Bug 354443
Opened 18 years ago
Closed 7 years ago
navigator.registerContentHandler doesn't sanity-check type/title args.
Categories
(Firefox Graveyard :: RSS Discovery and Preview, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: dveditz, Unassigned)
References
Details
(Keywords: sec-other, Whiteboard: [sg:nse])
Spun off from bug 354316 comment 2
navigator.registerContentHandler doesn't sanity-check the type or title arguments (uri arg is handled in bug 354316).
The type should be restricted to the characters that are allowed as a MIME type:
// reject types that contain characters other than
// alphanumerics or '.', '-', '+', '/'
if (contentType.match(/[^-./+a-z0-9]/i) )
throw("Invalid MIME type");
Maybe there are a few other allowable characters, but it should be a whitelist of good characters rather than an attempt to filter bad ones.
Currently we silently drop non-feed types, the whatwg spec says we should raise an exception for types we deem privileged like text/html. It'd be odd to raise an exception for some types and not others, we should probably raise an exception no matter the reason we reject the type.
Not sure what checking we should do on the title. It gets saved as a pref and shown in a couple of different dialogs (as text, a listbox, a drop down). We'd want to allow localized text. Maybe just strip our control characters?
|
Reporter | |
Updated•18 years ago
|
Whiteboard: [sg:nse] reveals bug 354316
|
||
Updated•18 years ago
|
Assignee: nobody → dmose
|
|
||
Comment 1•17 years ago
|
||
Requesting [wanted-firefox3].
Flags: blocking-firefox3?
Target Milestone: --- → Firefox 3 M10
|
||
Updated•17 years ago
|
Flags: blocking-firefox3? → blocking-firefox3-
Whiteboard: [sg:nse] reveals bug 354316 → [wanted-firefox3] [sg:nse] reveals bug 354316
Don't we also need this for the "registerProtocolHandler" API?
Should I make a spin off bug or is this one enough?
|
|
Reporter | |
Updated•17 years ago
|
Group: security
Whiteboard: [wanted-firefox3] [sg:nse] reveals bug 354316 → [wanted-firefox3] [sg:nse]
|
|
||
Comment 3•17 years ago
|
||
ctalbert: spinoff bug would be good here, I think.
Target Milestone: Firefox 3 M10 → ---
|
||
Updated•17 years ago
|
Flags: wanted-firefox3+
Whiteboard: [wanted-firefox3] [sg:nse] → [sg:nse]
|
|
||
Comment 4•17 years ago
|
||
With a few exceptions, I'm mostly focused on MailCo-related hacking now. Reassigning a bunch of bugs to default component owners. I'm happy to help with brainstorming/advice as needed, however.
Search for the string MAILMONKEY to delete any bugmail generated by this change.
Assignee: dmose → nobody
(In reply to comment #3)
> ctalbert: spinoff bug would be good here, I think.
Sorry, this fell through the cracks. Filed bug 463164.
|
||
Comment 6•7 years ago
|
||
As of Bug 1460481 we should WONTFIX this.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
|
||
Updated•6 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•