Bug 987310 - Sanitize the filter predicates loaded from the preferences, r=rcampbell
☠☠ backed out by a26977bf2252 ☠ ☠
authorVictor Porof <vporof@mozilla.com>
Mon, 24 Mar 2014 15:39:18 -0400
changeset 175419 dff900f56c49cba46f59e89a792e984c868e1fcc
parent 175418 73edfcfeb6e2f6ec0add36b557119f787f32eb95
child 175420 85244371da5db5c7be63f76249bcc31ecb82c572
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersrcampbell
bugs987310
milestone31.0a1
Bug 987310 - Sanitize the filter predicates loaded from the preferences, r=rcampbell
browser/devtools/netmonitor/netmonitor-view.js
browser/devtools/netmonitor/test/browser.ini
browser/devtools/netmonitor/test/browser_net_filter-04.js
--- a/browser/devtools/netmonitor/netmonitor-view.js
+++ b/browser/devtools/netmonitor/netmonitor-view.js
@@ -694,16 +694,21 @@ RequestsMenuView.prototype = Heritage.ex
    * Enables the given filter, its button and toggles 'all' off if the filter to
    * be enabled is the first one active.
    *
    * @param string aType
    *        Either "all", "html", "css", "js", "xhr", "fonts", "images", "media"
    *        "flash" or "other".
    */
   _enableFilter: function (aType) {
+    // Make sure this is a valid filter type.
+    if (Object.keys(this._allFilterPredicates).indexOf(aType) == -1) {
+      return;
+    }
+
     // Add the filter to the list of active filters.
     this._activeFilters.push(aType);
 
     // Add the checked status to the filter button.
     let target = $("#requests-menu-filter-" + aType + "-button");
     target.setAttribute("checked", true);
 
     // Check if 'all' was selected before. If so, disable it.
@@ -712,43 +717,48 @@ RequestsMenuView.prototype = Heritage.ex
     }
   },
 
   /**
    * Returns a predicate that can be used to test if a request matches any of
    * the active filters.
    */
   get _filterPredicate() {
-    let filterPredicates = {
-      "all": () => true,
-      "html": this.isHtml,
-      "css": this.isCss,
-      "js": this.isJs,
-      "xhr": this.isXHR,
-      "fonts": this.isFont,
-      "images": this.isImage,
-      "media": this.isMedia,
-      "flash": this.isFlash,
-      "other": this.isOther
-    };
+    let filterPredicates = this._allFilterPredicates;
 
      if (this._activeFilters.length === 1) {
        // The simplest case: only one filter active.
        return filterPredicates[this._activeFilters[0]].bind(this);
      } else {
        // Multiple filters active.
        return requestItem => {
          return this._activeFilters.some(filterName => {
            return filterPredicates[filterName].call(this, requestItem);
          });
        };
      }
   },
 
   /**
+   * Returns an object with all the filter predicates as [key: function] pairs.
+   */
+  get _allFilterPredicates() ({
+    all: () => true,
+    html: this.isHtml,
+    css: this.isCss,
+    js: this.isJs,
+    xhr: this.isXHR,
+    fonts: this.isFont,
+    images: this.isImage,
+    media: this.isMedia,
+    flash: this.isFlash,
+    other: this.isOther
+  }),
+
+  /**
    * Sorts all network requests in this container by a specified detail.
    *
    * @param string aType
    *        Either "status", "method", "file", "domain", "type", "size" or
    *        "waterfall".
    */
   sortBy: function(aType = "waterfall") {
     let target = $("#requests-menu-" + aType + "-button");
--- a/browser/devtools/netmonitor/test/browser.ini
+++ b/browser/devtools/netmonitor/test/browser.ini
@@ -45,16 +45,17 @@ support-files =
 [browser_net_copy_image_as_data_uri.js]
 [browser_net_copy_url.js]
 [browser_net_copy_as_curl.js]
 [browser_net_cyrillic-01.js]
 [browser_net_cyrillic-02.js]
 [browser_net_filter-01.js]
 [browser_net_filter-02.js]
 [browser_net_filter-03.js]
+[browser_net_filter-04.js]
 [browser_net_footer-summary.js]
 [browser_net_html-preview.js]
 [browser_net_icon-preview.js]
 [browser_net_image-tooltip.js]
 [browser_net_json-long.js]
 [browser_net_json-malformed.js]
 [browser_net_json_custom_mime.js]
 [browser_net_json_text_mime.js]
new file mode 100644
--- /dev/null
+++ b/browser/devtools/netmonitor/test/browser_net_filter-04.js
@@ -0,0 +1,38 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Tests if invalid filter types are sanitized when loaded from the preferences.
+ */
+
+function test() {
+  Services.prefs.setCharPref("devtools.netmonitor.filters", '["js", "bogus"]');
+
+  initNetMonitor(FILTERING_URL).then(([aTab, aDebuggee, aMonitor]) => {
+    info("Starting test... ");
+
+    let { Prefs } = aMonitor.panelWin;
+
+    is(Prefs.filters.length, 2,
+      "All filter types were loaded as an array from the preferences.");
+    is(Prefs.filters[0], "js",
+      "The first filter type is correct.");
+    is(Prefs.filters[1], "bogus",
+      "The second filter type is invalid, but loaded anyway.");
+
+    waitForNetworkEvents(aMonitor, 7).then(() => {
+      testFilterButtons(aMonitor, "js");
+      ok(true, "Only the correct filter type was taken into consideration.");
+
+      teardown(aMonitor).then(() => {
+        let filters = Services.prefs.getCharPref("devtools.netmonitor.filters");
+        is(filters, '["js"]',
+          "The bogus filter type was ignored and removed from the preferences.");
+
+        finish();
+      });
+    });
+
+    aDebuggee.performRequests('{ "getMedia": true, "getFlash": true }');
+  });
+}