(This is related to bug 845045 but not the same. This requires more extensive changes.) The dial activity handler does not correctly reject invalid phone numbers. I am able to ask it to dial for example the following numbers: "<h1>Cheese</h1>" "!@#$%^&*()_+=-" "hello \u2673 foo" All these are invalid and should be rejected. Instead the dialer currently simply shows the above strings as the entered number and lets me dial it. Instead the activity should return an appropriate error code when an invalid number is passed to it and the the dialer should simply never appear.

I should be able to take this one as well as I just implemented the sanitize function. I think along with truncation if we simple strip out all non-valid characters we should be fine here. I think that the regex would be something like: number.replace(/[^0-9+*#]/g, '')

Isn't the + optional and only at the beginning of the number? Also, we probably do want to support dialing 800-FIR-EFOX from activities? Maybe that warrants a second bug :-)

Again, this should have been fixed on 835750 and/or 836215.

(clearing tef? for now. doesn't sound like a security issue or critical failure for v1.0.1)