From 9e93fd0d84c41012514c3b3356ebd43f4dd9182f Mon Sep 17 00:00:00 2001 From: Frederik Braun Date: Mon, 13 Mar 2017 18:40:45 -0400 Subject: [PATCH] Bug 1346720 - Disallow invalid report IDs early on. r=gerald MozReview-Commit-ID: GBDnzYh0gPt --- browser/base/content/browser-media.js | 4 ++++ dom/media/DecoderDoctorDiagnostics.cpp | 1 + 2 files changed, 5 insertions(+) diff --git a/browser/base/content/browser-media.js b/browser/base/content/browser-media.js index c1ed344d6426..92d5f222ffeb 100644 --- a/browser/base/content/browser-media.js +++ b/browser/base/content/browser-media.js @@ -249,6 +249,10 @@ let gDecoderDoctorHandler = { // resolution of that issue, to be reported as telemetry. let {type, isSolved, decoderDoctorReportId, formats} = parsedData; type = type.toLowerCase(); + // Error out early on invalid ReportId + if (!(/^\w+$/mi).test(decoderDoctorReportId)) { + return + } let title = gDecoderDoctorHandler.getLabelForNotificationBox(type); if (!title) { return; diff --git a/dom/media/DecoderDoctorDiagnostics.cpp b/dom/media/DecoderDoctorDiagnostics.cpp index 1f09372b8536..3457b5f6ffd5 100644 --- a/dom/media/DecoderDoctorDiagnostics.cpp +++ b/dom/media/DecoderDoctorDiagnostics.cpp @@ -247,6 +247,7 @@ DecoderDoctorDocumentWatcher::EnsureTimerIsStarted() } } +// Note: ReportStringIds are limited to alphanumeric only. static const NotificationAndReportStringId sMediaWidevineNoWMF= { dom::DecoderDoctorNotificationType::Platform_decoder_not_found, "MediaWidevineNoWMF" };