Closed Bug 463164 Opened 16 years ago Closed 7 years ago

Sanity Check arguments to registerProtocolHandler

Categories

(Firefox Graveyard :: RSS Discovery and Preview, defect)

Product:
Firefox Graveyard
Component:
RSS Discovery and Preview
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: cmtalbert, Unassigned)

References

Details

Spun off from bug 354443 We need to sanity check the type and title arguments for the registerProtocolHandler API. The details (copied from the other bug) are here: The type should be restricted to the characters that are allowed as a MIME type: // reject types that contain characters other than // alphanumerics or '.', '-', '+', '/' if (contentType.match(/[^-./+a-z0-9]/i) ) throw("Invalid MIME type"); Maybe there are a few other allowable characters, but it should be a whitelist of good characters rather than an attempt to filter bad ones. Currently we silently drop non-feed types, the whatwg spec says we should raise an exception for types we deem privileged like text/html. It'd be odd to raise an exception for some types and not others, we should probably raise an exception no matter the reason we reject the type. Not sure what checking we should do on the title. It gets saved as a pref and shown in a couple of different dialogs (as text, a listbox, a drop down). We'd want to allow localized text. Maybe just strip our control characters?
Blocks: 354443
As of Bug 1460481 we should WONTFIX this.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.