Warn when nsITransferable.init is called with a null first argument



addons.mozilla.org Graveyard
Add-on Validation
5 years ago
2 years ago


(Reporter: kmag, Unassigned)



In bug 722872, an init method was added to the nsITransferable interface in order to allow the clipboard service to clear clipboard data from PBM windows when necessary. Bug 795423 added a warning prompting users to call this with a null first argument, which has the potential to cause data to leak across PBM sessions. We need to warn users that an appropriate context needs to be passed where appropriate.

I'll write the message and do some devmo updates. Josh, can you provide some examples of when null would be an appropriate argument? I'll provide the ones where it's not.

Comment 1

5 years ago
null is appropriate when:
* the transferable object is not being placed on the clipboard (eg. when obtaining data from the clipboard)
* the contents of the transferable object do not originate from web content (eg. synthesizing a string unrelated to any tab, etc.)

Comment 2

5 years ago
In case it's not clear, the context contains data that is used to indicate whether clipboard data should be cleared when exiting private browsing mode. A null context means that no clearing will occur, while a non-null context has its privacy status checked to make the decision.

Comment 3

4 years ago
What is the heuristic for this? Simply flagging the init method with a null first argument? It sounds like there's more to this.
Flags: needinfo?
Just checking for an explicit null is all we need. I don't think there's a programmatic way to determine when it's appropriate.
Flags: needinfo?

Comment 5

4 years ago

This should cover it. Let me know if that's too narrow/broad/doesn't work.
Last Resolved: 4 years ago
Resolution: --- → FIXED


2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.