In D208659#7161399, @rkraesig wrote:

In D208659#7161278, @NeilDeakin wrote:

Wasn't sure whether to make this change Windows-specific. Thoughts?

Just speaking personally, as a Linux user, I'd generally prefer U+005F to U+0020 as a replacement character.

I would concur with this sentiment, fwiw.

uriloader/exthandler/nsExternalHelperAppService.cpp
3680–3681	Instead of matching that, can we change the extension filter to match the underscore bits? Given the source of this bug that feels safer - or am I missing something here?

NeilDeakin added inline comments.Apr 26 2024, 8:32 PM

uriloader/exthandler/nsExternalHelperAppService.cpp
3680–3681	https://bugzilla.mozilla.org/show_bug.cgi?id=1891234#c9 suggests that we shouldn't change the filepicker handling. This part doesn't relate to the underscore change. This handles when the filename is, for example 'sample. png'

NeilDeakin updated this revision to Diff 855563.Apr 29 2024, 9:05 PM

Harbormaster completed remote builds in B654717: Diff 855563.Apr 29 2024, 9:05 PM

This seems reasonable to me.

Can we move the new test coverage to a separate patch/bug that we land after this makes it to release, so as not to paint quite such a bulls-eye on the vulnerability?

uriloader/exthandler/nsExternalHelperAppService.cpp
3671–3672	This is a useful statement of fact, but can we extend the comment to include what we're doing in response and why? I _think_ that means something like: to avoid "duplicate" '. png.png' type suffixes, strip out whitespace from the extension part of the filename here but I'm not sure.

This revision is now accepted and ready to land.Apr 30 2024, 11:01 AM

This revision requires a Testing Policy Project Tag to be set before landing. Please apply one of testing-approved, testing-exception-unchanged, testing-exception-ui, testing-exception-elsewhere, testing-exception-other. Tip: this Firefox add-on makes it easy!

phab-bot removed a subscriber: mccr8.May 2 2024, 1:19 PM

NeilDeakin updated this revision to Diff 858397.May 6 2024, 1:58 PM

Herald added a reviewer: extension-reviewers. · View Herald TranscriptMay 6 2024, 1:58 PM

Herald added a subscriber: mixedpuppy. · View Herald Transcript

This revision now requires review to proceed.May 6 2024, 1:58 PM

Harbormaster completed remote builds in B657120: Diff 858397.May 6 2024, 1:58 PM

phab-bot removed a subscriber: mixedpuppy.May 6 2024, 1:58 PM

robwu accepted this revision.May 6 2024, 2:43 PM

robwu edited projects, added testing-approved; removed needs-testing-tag.

This revision is now accepted and ready to land.May 6 2024, 2:43 PM

Closed by commit rMOZILLACENTRAL4b7fe66103e5: Bug 1891234, additional filename filter checks, r=Gijs,extension-reviewers,robwu (authored by NeilDeakin). · Explain WhyMay 6 2024, 6:08 PM

This revision was automatically updated to reflect the committed changes.

NeilDeakin added a commit: rMOZILLACENTRAL4b7fe66103e5: Bug 1891234, additional filename filter checks, r=Gijs,extension-reviewers,robwu.

phab-bot added a subscriber: aryx.May 6 2024, 7:39 PM

nfay reopened this revision.May 6 2024, 7:40 PM

This revision is now accepted and ready to land.May 6 2024, 7:40 PM

nfay added a reverting change: rMOZILLACENTRALc70f720dd79a: Backed out changeset 4b7fe66103e5 (bug 1891234) for causing multiple failures….May 6 2024, 7:40 PM

NeilDeakin updated this revision to Diff 860006.May 9 2024, 1:24 AM

Harbormaster completed remote builds in B658473: Diff 860006.May 9 2024, 1:24 AM

The QuotaManager code seems to have a separate set of constants that it expects to be identical to FILE_ILLEGAL_CHARACTERS but also expects certain characters -- in this case the percent sign -- not to be in that constant. The filenames it uses are escaped urls which often contain percent signs. Fixing that seems to require more work and a better understanding of that code, so I'm just handling the percent sign separately as it is only an issue with the Windows file picker, and will file a separate bug on the QuotaManager sanitization.

NeilDeakin removed a reviewer: robwu.May 9 2024, 1:32 AM

This still seems reasonable to me; let's make sure we have that follow-up for QM.

This revision is now accepted and ready to land.May 10 2024, 9:29 PM

NeilDeakin updated this revision to Diff 861841.May 14 2024, 5:09 PM

Herald added a subscriber: mak. · View Herald TranscriptMay 14 2024, 5:09 PM

Harbormaster completed remote builds in B660002: Diff 861841.May 14 2024, 5:09 PM

phab-bot removed a subscriber: mak.May 14 2024, 5:10 PM

Closed by commit rMOZILLACENTRAL91862a7f6297: Bug 1891234, additional filename filter checks, r=Gijs,extension-reviewers (authored by NeilDeakin). · Explain WhyMay 14 2024, 9:19 PM

This revision was automatically updated to reflect the committed changes.

NeilDeakin added a commit: rMOZILLACENTRAL91862a7f6297: Bug 1891234, additional filename filter checks, r=Gijs,extension-reviewers.

phab-bot removed a subscriber: aryx.May 15 2024, 9:10 AM

phab-bot changed the visibility from "Custom Policy" to "Custom Policy".May 15 2024, 9:17 PM