mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-30 00:01:50 +00:00
Bug 569740 - Tab Characters within Usernames Can Cause Connectivity Issues & Security Events [r=mconnor]
Strip tabs from username since tabs are stripped from URIs and the username is part of all URIs.
parent
c8aa414112
commit
38dd746086
@ -113,6 +113,9 @@ WeaveSvc.prototype = {
|
||||
if (value) {
|
||||
// Make sure all uses of this new username is lowercase
|
||||
value = value.toLowerCase();
|
||||
// Tab characters are stripped from URIs, so make sure that the
|
||||
// username doesn't contain any tabs.
|
||||
value = value.replace("\t", "", "g");
|
||||
Svc.Prefs.set("username", value);
|
||||
}
|
||||
else
|
||||
|
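Review bot: The normalisation at `value = value.replace("\t", "", "g");` handles only the tab character and relies on the three-argument form of `String.prototype.replace`, whose flags argument is a non-standard SpiderMonkey extension. A regex literal is portable and makes the stripped set explicit: `value = value.replace(/\t/g, "");`. If the URI parser also drops carriage returns and line feeds (it appears to, but that is not visible on this page), the same mismatch between the stored username and the request URI remains for those characters, and `/[\t\r\n]/g` would be the safer class. The `if (value)` test also runs before the stripping, so a username made only of tabs would be stored as an empty string instead of taking the `else` branch, whose body lies outside the hunk.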
@ -23,10 +23,11 @@ function test_urlsAndIdentities() {
|
||||
do_check_eq(Weave.Service.metaURL, undefined);
|
||||
|
||||
_("The 'username' attribute is normalized to lower case, updates preferences and identities.");
|
||||
Weave.Service.username = "JohnDoe";
|
||||
do_check_eq(Svc.Prefs.get("username"), "johndoe");
|
||||
do_check_eq(ID.get("WeaveID").username, "johndoe");
|
||||
do_check_eq(ID.get("WeaveCryptoID").username, "johndoe");
|
||||
Weave.Service.username = "TarZan";
|
||||
do_check_eq(Weave.Service.username, "tarzan");
|
||||
do_check_eq(Svc.Prefs.get("username"), "tarzan");
|
||||
do_check_eq(ID.get("WeaveID").username, "tarzan");
|
||||
do_check_eq(ID.get("WeaveCryptoID").username, "tarzan");
|
||||
|
||||
// Since we don't have a cluster URL yet, these will still not be defined.
|
||||
do_check_eq(Weave.Service.infoURL, undefined);
|
||||
@ -35,6 +36,14 @@ function test_urlsAndIdentities() {
|
||||
do_check_eq(PubKeys.defaultKeyUri, undefined);
|
||||
do_check_eq(PrivKeys.defaultKeyUri, undefined);
|
||||
|
||||
_("Tabs are stripped from the 'username' attribute as they can't be part of a URI.");
|
||||
Weave.Service.username = "jo\thn\tdoe";
|
||||
|
||||
do_check_eq(Weave.Service.username, "johndoe");
|
||||
do_check_eq(Svc.Prefs.get("username"), "johndoe");
|
||||
do_check_eq(ID.get("WeaveID").username, "johndoe");
|
||||
do_check_eq(ID.get("WeaveCryptoID").username, "johndoe");
|
||||
|
||||
_("The 'clusterURL' attribute updates preferences and cached URLs.");
|
||||
Weave.Service.serverURL = "http://weave.server/";
|
||||
Weave.Service.clusterURL = "http://weave.cluster/";
|
||||
|
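Review bot: The added case `Weave.Service.username = "jo\thn\tdoe";` pins only tabs embedded in an already lowercase name, so the combination of the two normalisation steps and the boundary inputs stay untested. I would add a mixed-case value with leading and trailing tabs, for example `Weave.Service.username = "\tJohn\tDoe\t";` followed by `do_check_eq(Weave.Service.username, "johndoe");`. One more assertion should record what a tab-only username is expected to produce in the preference and in both identities. A one-line comment saying why the earlier value was changed to "TarZan" would also help; presumably it makes the later "johndoe" assignment a real change of value, but the page does not say so.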