Closed Bug 847649 Opened 12 years ago Closed 7 years ago

Contacts' "new" activity does not validate parameters

Categories

(Firefox OS Graveyard :: Gaia::Contacts, defect, P4)

x86
macOS
defect

Tracking

(tracking-b2g:backlog)

RESOLVED WONTFIX
tracking-b2g backlog

People

(Reporter: st3fan, Unassigned)

The parameters of the "new" activity are not properly validated. There are two: id and extras. Both of these are copied from the activity to the page request parameters and then used later. I don't think you can do anything evil with the id parameter but it looks like the "extras" entries are blindly copied to a contact template. This is where the params are copied: https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/contacts/js/activities.js#L32 And this is where they are used: https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/contacts/js/contacts.js#L79
They are blindly copied, but escaped when displaying. When you said something evil, did you mean script injection or something I'm missing? Thanks!
Alberto, I don't know. I did not find any documentation on what parameters the activity accepts nor did I find a list in the code to limit what it accepts. I just think something needs to look at this to make sure no surprises can happen.
It makes sense to check those parameters with more care. I'll do that and avoid 'new' becoming an 'update' activity. Thanks for the review!
blocking-b2g: --- → backlog
Whiteboard: priority=4
blocking-b2g: backlog → ---
Priority: -- → P4
Whiteboard: priority=4
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
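
The allowlist check the thread asks for, as an added example that is not part of the bug report or the Gaia code base. The function name `validateNewActivityParams`, the accepted field names, the length limit and the shape of the input object are all assumptions, since the bug notes that no documented parameter list exists.

```javascript
// Hypothetical allowlist: these field names and the length cap are
// assumptions for illustration, not Gaia's actual parameter list.
const ALLOWED_EXTRAS = new Set(['givenName', 'familyName', 'tel', 'email', 'company', 'note']);
const MAX_VALUE_LENGTH = 256;

// Validates the data of a "new" activity before it reaches the contact
// template. Returns { ok, params, rejected }; params holds only the
// entries that passed, rejected lists every entry that did not.
function validateNewActivityParams(data) {
  const rejected = [];
  const params = Object.create(null); // no prototype, so no inherited keys
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, params, rejected: ['<data>'] };
  }
  // Assumption taken from the thread: "new" must not carry an id,
  // otherwise it can turn into an update of an existing contact.
  if (Object.prototype.hasOwnProperty.call(data, 'id')) {
    rejected.push('id');
  }
  const extras = data.extras === undefined ? {} : data.extras;
  if (extras === null || typeof extras !== 'object' || Array.isArray(extras)) {
    rejected.push('extras');
    return { ok: false, params, rejected };
  }
  for (const key of Object.keys(extras)) {
    const value = extras[key];
    // Copy only known keys holding bounded, non-empty strings.
    if (ALLOWED_EXTRAS.has(key) && typeof value === 'string' &&
        value.length > 0 && value.length <= MAX_VALUE_LENGTH) {
      params[key] = value;
    } else {
      rejected.push('extras.' + key);
    }
  }
  return { ok: rejected.length === 0, params, rejected };
}

// Constructed sample input, not taken from the bug: an unexpected id,
// an own "__proto__" key (as JSON.parse produces) and a non-string value.
const sample = JSON.parse(
  '{"id":"42","extras":{"tel":"+15550100","__proto__":{"x":1},"note":7}}');
const result = validateNewActivityParams(sample);
console.log(result.ok, Object.keys(result.params), result.rejected);
```

Escaping at display time, as mentioned in the thread, remains a separate control; this check only limits what is copied into the template in the first place.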