Closed Bug 732181 Opened 13 years ago Closed 6 years ago

escape formdata in sessionstore

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: zpao, Unassigned)

References

Details

(Keywords: sec-moderate, Whiteboard: [sg:moderate])

Attachments

(1 file, 1 obsolete file)

Test Patch v0.1
(deleted), patch
dietrich
: review+
Details | Diff | Splinter Review
identifier and value need to be escaped
Marking sg:moderate based on a similar rating in bug 730531, Paul said to assign to him.
Assignee: nobody → paul
Whiteboard: [sg:moderate]
Attached patch Patch v0.1 (obsolete) (deleted) — Splinter Review
The first test file change wasn't needed (but doing that made it much easier to hunt down the failure I had). The other test changes were needed to make everything pass.
Attachment #617984 - Flags: review?(dietrich)
Attached patch Test Patch v0.1 (deleted) — Splinter Review
Just tests for all of these now encoded strings
Attachment #617984 - Attachment is obsolete: true
Attachment #617985 - Flags: review?(dietrich)
Attachment #617984 - Flags: review?(dietrich)
Attachment #617985 - Flags: review?(dietrich) → review+
Assignee: paul → nobody
Group: core-security → firefox-core-security
Since we're now compressing the sessionstore file, which includes form data, this is not an issue anymore.
Status: NEW → RESOLVED
Closed: 6 years ago
Depends on: 934967
Resolution: --- → WORKSFORME
Gijs, can you clear the sec group here too?
Flags: needinfo?(gijskruitbosch+bugs)
Group: firefox-core-security
Flags: needinfo?(gijskruitbosch+bugs)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: