750515 - Correctly sanitize filenames for natively-installed webapps on Windows

Status: RESOLVED WONTFIX

(Firefox Graveyard :: Web Apps, defect, P2)

Description

[Tim Abraldes [:TimAbraldes] [:tabraldes]]

bug 747412 and bug 733482 both deal with filename sanitization in the webapps installer code.  The existing code has other known issues (for example, it does not deal with reserved filenames on windows).  We should write platform-specific code for filename sanitization that handles all the cases we can reasonably expect.

Based on the information on Windows filenames provided here [http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx#file_and_directory_names], my suggestion is that we sanitize Windows filenames as follows:
  Remove unprintable chars  0x00-0x1f,0x7f
  Remove reserved chars  <>:"/\|?*
  If the filename becomes blank or becomes a reserved device name (CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9) after sanitization, add an appropriate space (eg. " .exe", "con .exe", "com 1.exe", "lpt 7.exe")

Comment 1

[:Felipe Gomes (needinfo for replies!)]

taking

Comment 3

[Myk Melez [:myk] [@mykmelez]]

Per bug 1238079, we're going to disable the desktop web runtime and remove it
from the codebase, so we won't fix these bugs in the integration between Firefox and the runtime.