Closed
Bug 790681
Opened 12 years ago
Closed 12 years ago
Stricter validation for version strings
Categories
(Marketplace Graveyard :: Validation, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
2012-09-27
People
(Reporter: robhudson, Unassigned)
Details
Currently one can put HTML tags in the version string of an app manifest and it passes validation. This shouldn't be.
Also consider validating against a version string spec, similar to what add-ons has, e.g. https://developer.mozilla.org/en-US/docs/Extension_Versioning,_Update_and_Compatibility
We may need the above depending on how Firefox OS is going to handle comparing versions?
Comment 1•12 years ago
|
||
I'm going to go out of my way and define restrictions on the version string. The version string must match the following regular expression if the "version" element is present:
[a-zA-Z0-9_,\*\-\.]+
Basically: any alphanumeric character, dot, comma, hyphen, underbar, and asterisk is allowed. All other characters will be disallowed.
Since the version element is not used for actual version comparison, it will be assumed that this string will provide a human-readable version identifier (e.g.: "Snow Leopard" on OS X 10.6).
Comment 2•12 years ago
|
||
We've wanted to use version numbers for actual comparison for a long time.
Version check for addons has no real way to compare versions and has to fall back to less reliable methods. It would be hard to enforce this for addons now. I'd like to avoid this for apps if we can.
But I guess we'd have to make this a marketplace specific version scheme or change the spec.
Comment 3•12 years ago
|
||
The biggest problem (that robhudson pointed out) is the "version" element is not required in the app manifest. Even if we did have a consistent format, we'd need to change the spec to make the version mandatory.
It should also be noted that we should never let the developer upload a version where the version number isn't "greater" than all other uploaded versions. If this is the case, then we should just be using a monotonically increasing integer that we keep on a per-app basis. It's not based on anything the developer provides, but it will let us keep track of which version of the app is newest.
Comment 4•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Target Milestone: --- → 2012-09-27
You need to log in
before you can comment on or make changes to this bug.
Description
•