Closed Bug 828909 Opened 11 years ago Closed 11 years ago

Sanitize Wi-Fi hotspot username and password

Categories

(Firefox OS Graveyard :: Wifi, defect)

Product:
Firefox OS Graveyard
Component:
Wifi
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-basecamp:+, firefox18 wontfix, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed)

Status:
RESOLVED FIXED
Milestone:
B2G C4 (2jan on)
Project Flags:
blocking-basecamp +
Tracking Flags:
Tracking Status
firefox18 --- wontfix
firefox19 --- wontfix
firefox20 --- wontfix
firefox21 --- fixed
b2g18 --- fixed

People

(Reporter: mrbkap, Assigned: vchang)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch v1.1
1.40 KB, patch
mrbkap
: review+
Details | Diff | Splinter Review 
See bug 825049 comment 7, which is right on the money. Vincent, is it possible to escape the quotes here or should we disallow passwords with quotes in them?

Vincent, we talked about using "".replace, but I don't think that's the right way to go. You need to be careful about previously-escaped slashes and escaped slashes.
Blocks: 828925
Yeah, there's probably lots of encoding issues we should worry about beyond a simple rouge ".  Adding PaulJT for more info.

Blocking here as we need to address in some minimal way at least.
blocking-basecamp: ? → +
Attached patch Patch v1.0 (obsolete) — Splinter Review 

        Attachment #700445 -
        Flags: review?(mrbkap)

    
    

    
  
Comment on attachment 700445 [details] [diff] [review]
Patch v1.0

Review of attachment 700445 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/system/gonk/net_worker.js
@@ +380,5 @@
>  }
>  
> +function escapeQuote(str) {
> +  str = str.replace(/\\/g, "\\\\");
> +  return str.replace(/\"/g, "\\\"");

You don't need the \ in front of the quote in the regexp.

        Attachment #700445 -
        Flags: review?(mrbkap) → review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch v1.1Splinter Review
      

    


  

        Attachment #700445 -
        Attachment is obsolete: true

        Attachment #700492 -
        Flags: review?(mrbkap)

    
  

        Attachment #700492 -
        Flags: review?(mrbkap) → review+
Keywords: checkin-needed

    
    

    
  
(In reply to Johnny Stenback (:jst, jst@mozilla.com) from comment #5)
> https://hg.mozilla.org/integration/mozilla-inbound/rev/2d1152cf727e

Thank you, Johnny.

    
  
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

          status-firefox20:
          --- → wontfix

          status-firefox21:
          --- → fixed
Target Milestone: --- → B2G C4 (2jan on)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: