Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-26 14:22:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 569740 - Tab Characters within Usernames Can Cause Connectivity Issues & Security Events [r=mconnor]

Browse Source 
Strip tabs from username since tabs are stripped from URIs and the username is part of all URIs.
This commit is contained in:
Philipp von Weitershausen 2010-06-08 19:05:05 -07:00
parent c8aa414112
commit 38dd746086
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
services/sync/modules/service.js
View File

@ -113,6 +113,9 @@ WeaveSvc.prototype = {
if (value) {
// Make sure all uses of this new username is lowercase
value = value.toLowerCase();
// Tab characters are stripped from URIs, so make sure that the
// username doesn't contain any tabs.
value = value.replace("\t", "", "g");
Svc.Prefs.set("username", value);
}
else

17
services/sync/tests/unit/test_service_attributes.js
View File

@ -23,10 +23,11 @@ function test_urlsAndIdentities() {
do_check_eq(Weave.Service.metaURL, undefined);
_("The 'username' attribute is normalized to lower case, updates preferences and identities.");
Weave.Service.username = "JohnDoe";
do_check_eq(Svc.Prefs.get("username"), "johndoe");
do_check_eq(ID.get("WeaveID").username, "johndoe");
do_check_eq(ID.get("WeaveCryptoID").username, "johndoe");
Weave.Service.username = "TarZan";
do_check_eq(Weave.Service.username, "tarzan");
do_check_eq(Svc.Prefs.get("username"), "tarzan");
do_check_eq(ID.get("WeaveID").username, "tarzan");
do_check_eq(ID.get("WeaveCryptoID").username, "tarzan");
// Since we don't have a cluster URL yet, these will still not be defined.
do_check_eq(Weave.Service.infoURL, undefined);
@ -35,6 +36,14 @@ function test_urlsAndIdentities() {
do_check_eq(PubKeys.defaultKeyUri, undefined);
do_check_eq(PrivKeys.defaultKeyUri, undefined);
_("Tabs are stripped from the 'username' attribute as they can't be part of a URI.");
Weave.Service.username = "jo\thn\tdoe";
do_check_eq(Weave.Service.username, "johndoe");
do_check_eq(Svc.Prefs.get("username"), "johndoe");
do_check_eq(ID.get("WeaveID").username, "johndoe");
do_check_eq(ID.get("WeaveCryptoID").username, "johndoe");
_("The 'clusterURL' attribute updates preferences and cached URLs.");
Weave.Service.serverURL = "http://weave.server/";
Weave.Service.clusterURL = "http://weave.cluster/";