Please improve input validation in Narro #306

GoogleCodeExporter · 2015-03-13T19:44:23Z

Issue:
We'd like to bring Narro back online on Mozilla servers; in the security review 
we carried out for this, we found a number of issues which, while now resolved, 
may not have been exploitable had Narro been more strict on validating input.

As it's entirely possible there are more issues, we'd love to see the input 
validation improved.

Remediation:
Please ensure that, where possible, the application checks that the type, the 
size and the format of input is valid.  For more information on this, please 
consult the Mozilla Secure Coding Guidelines: 
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Input_Validation

Thanks

Original issue reported on code.google.com by goodwins...@gmail.com on 2 May 2012 at 8:49

The text was updated successfully, but these errors were encountered:

GoogleCodeExporter · 2015-03-13T19:44:23Z

Original comment by alex...@gmail.com on 3 May 2012 at 5:10

Changed state: Accepted

GoogleCodeExporter · 2015-03-13T19:44:23Z

It's not just a matter of restricting input, which I can't always do, it's 
mostly a matter of escaping the input before being executed or displayed.

Because when you translate you should be able to enter whatever character you 
want.

Original comment by alex...@gmail.com on 3 May 2012 at 5:35

GoogleCodeExporter added Type-Enhancement auto-migrated Priority-Low labels Mar 13, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Please improve input validation in Narro #306

Please improve input validation in Narro #306

GoogleCodeExporter commented Mar 13, 2015

GoogleCodeExporter commented Mar 13, 2015

GoogleCodeExporter commented Mar 13, 2015

Navigation Menu

Please improve input validation in Narro #306

Please improve input validation in Narro #306

Comments

GoogleCodeExporter commented Mar 13, 2015

GoogleCodeExporter commented Mar 13, 2015

GoogleCodeExporter commented Mar 13, 2015