Where's My Fox Security Review: Difference between revisions

Line 64:

=== API Input Validation ===

Previous revision:

HIGH RISK - Input validation is generally lacking.

Current revision:

HIGH RISK - Input validation should be more structural and part of every handler.

Functions like getDevFromUrl() that extract a device identifier from the URL make no effort to validate the identifier. If we know these identifiers are hex hashes or UUIDs, then I think that code can be stricter by matching them against a regular expression.
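The two points above (allow-list the identifier with a regular expression, and make the check part of every handler), as an added example that is not from the review or the Where's My Fox code base. The names getDevFromUrlLoose, getDevFromUrlStrict and withDeviceId, the /device/<id> route shape, the hex and UUID patterns, and the Node-style req/res objects are assumptions.

```javascript
'use strict';

// Added example, not Where's My Fox code. Assumes (hypothetically) that device
// identifiers are either hex digests of 32..64 hex chars or RFC 4122 UUIDs, and
// that routes look like /device/<id>; adjust the patterns to the real format.
const HEX_ID = /^[0-9a-f]{32,64}$/i;
const UUID_ID =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Permissive extraction, in the spirit of what the review criticises: whatever
// sits in the path segment is handed back to the caller untouched.
function getDevFromUrlLoose(url) {
  const m = /\/device\/([^/?#]+)/.exec(url);
  return m ? decodeURIComponent(m[1]) : null;
}

// Strict extraction: same parsing, but the value is only returned when it
// matches one of the allow-listed shapes; anything else becomes null.
function getDevFromUrlStrict(url) {
  const raw = getDevFromUrlLoose(url);
  if (raw === null) return null;
  if (HEX_ID.test(raw) || UUID_ID.test(raw)) return raw.toLowerCase();
  return null;
}

// Makes validation structural: every handler wrapped here receives an already
// validated id, and malformed requests are answered with 400 before any
// storage or lookup code runs. req/res follow Node's http shape (assumption).
function withDeviceId(handler) {
  return function (req, res) {
    const dev = getDevFromUrlStrict(req.url);
    if (dev === null) {
      res.statusCode = 400;
      res.end('invalid device id');
      return undefined;
    }
    return handler(req, res, dev);
  };
}

// Constructed sample request: a percent-encoded "../" placed in the id slot.
const sampleUrl = '/device/%2e%2e%2fadmin';
console.log(getDevFromUrlLoose(sampleUrl));   // "../admin" reaches the handler
console.log(getDevFromUrlStrict(sampleUrl));  // null: rejected before use
```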