Closed Bug 730531 Opened 13 years ago Closed 6 years ago

escape document titles in sessionstore

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: zpao, Unassigned)

References

Details

(Keywords: sec-moderate, Whiteboard: [sg:moderate])

Attachments

(1 file, 1 obsolete file)

Patch v0.1 (WIP) 13 years ago Paul O'Shannessy [:zpao] (not bugmail, email directly) (deleted), patch	dietrich : feedback+	Details \| Diff \| Splinter Review
Patch v0.2 13 years ago Paul O'Shannessy [:zpao] (not bugmail, email directly) (deleted), patch	dietrich : review+	Details \| Diff \| Splinter Review

Paul O'Shannessy [:zpao] (not bugmail, email directly)

Reporter

Description

•

13 years ago

We could just encode/decodeURIComponent or do some simple regex replacement.

Daniel Veditz [:dveditz]

Updated

•

13 years ago

Whiteboard: [sg:moderate]

Paul O'Shannessy [:zpao] (not bugmail, email directly)

Reporter

Comment 1

•

13 years ago

Attached patch Patch v0.1 (WIP) (obsolete) (deleted) — Details — Splinter Review

This has breaking effects, but would have the least perf impact. I wanted to filter at JSON.stringify but that was a pretty bad hit last time. The breakage is that the data we export from our APIs will have title encoded so will have to be decoded on the consumer end. I haven't touched the internal consumers yet. I know there are least a couple (sync, history menu).

Assignee: nobody → paul

Attachment #601851 - Flags: feedback?(dietrich)

Dietrich Ayala (:dietrich)

Comment 2

•

13 years ago

Comment on attachment 601851 [details] [diff] [review] Patch v0.1 (WIP) Review of attachment 601851 [details] [diff] [review]: ----------------------------------------------------------------- looks fine. should test it in final patch.

Attachment #601851 - Flags: feedback?(dietrich) → feedback+

Paul O'Shannessy [:zpao] (not bugmail, email directly)

Reporter

Comment 3

•

13 years ago

Attached patch Patch v0.2 (deleted) — Details — Splinter Review

Attachment #601851 - Attachment is obsolete: true

Attachment #617979 - Flags: review?(dietrich)

Dietrich Ayala (:dietrich)

Comment 4

•

13 years ago

Comment on attachment 617979 [details] [diff] [review] Patch v0.2 Review of attachment 617979 [details] [diff] [review]: ----------------------------------------------------------------- per talk IRL, r=me with a simple api regression test added.

Attachment #617979 - Flags: review?(dietrich) → review+

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

13 years ago

Keywords: sec-moderate

Paul O'Shannessy [:zpao] (not bugmail, email directly)

Reporter

Updated

•

11 years ago

Assignee: paul → nobody

BMO Automation

Updated

•

9 years ago

Group: core-security → firefox-core-security

Mike de Boer [:mikedeboer]

Comment 5

•

6 years ago

Since we're now compressing the sessionstore file, which includes form data, this is not an issue anymore. Gijs, can you remove the sec group from this one too?

Status: NEW → RESOLVED

Closed: 6 years ago

Depends on: 934967

Flags: needinfo?(gijskruitbosch+bugs)

Resolution: --- → WORKSFORME

:Gijs (he/him)

Updated

•

6 years ago

Group: firefox-core-security

Flags: needinfo?(gijskruitbosch+bugs)

You need to log in before you can comment on or make changes to this bug.

Bugzilla

escape document titles in sessionstore

Categories

(Firefox :: Session Restore, defect)

Tracking

()

People

(Reporter: zpao, Unassigned)

References

Details

(Keywords: sec-moderate, Whiteboard: [sg:moderate])

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Updated

Updated

Updated

Comment 5

Updated

Attachment

General

Description

File Name

Content Type