Update 1: It broke in production…see this vlog for a review of how it broke and how we fixed it.
Update 2: This change was discussed on the r/Firefox.
Update 3: This change broke in production again and this time it was
*disabled by default for all Firefox users. See
Bug 1636855 for
details. You can still enable this behavior by setting
true. Buy me a 🍺
sometime if you want to hear more about this.
Bug 1320229 - allow user pastes longer than input maxlength r=masayuki author sanketh <[email protected]> Mon, 27 Apr 2020 01:29:43 +0000 (3 days ago) changeset 526144 31503d35be56c1c7ba295b7bf3df2981384a75a8 parent 526143 fa436826f669b38d8cba67ae7245f4e0f68d18f5 child 526145 7136265fbb0f64505bb9036a8d51f40499b65674
I found this bug via this twitter
thread where it was
mentioned that people were using the
maxlength attribute for
and this caused them to be truncated silently (which sucks if you are using a
password manager and chose a password longer than the maxlength.) I also
encountered this bug in the past but was too lazy to fix it then, so when I saw
the BugZilla link and the responses to the tweet, I was like, maybe someone
should fix it and
about it in
#security. After a bunch of back and forth, I was
asked if I would be
willing to write a patch, and I
chose to do
it.1 The patch allows longer pastes by the user and the
validation is taken care of by the form validator (which takes care of
minlength, for example.)
It was a pretty fun experience and people were really nice and accommodating. I
had never worked on a browser before so it was fun learning how the sausage is
made. I also never worked on such a huge codebase, compiling Firefox from source
takes over an hour on my dinky laptop. Thankfully, I got used to doing
development on DigitalOcean droplets (for CTFs) so getting the compile time down
to a more manageable 20-40 minutes was as simple as upgrading the droplet. Once
I cloned the repo and was able to build it, the next step was to write code. But
hg status took forever. After some digging, I learnt about
which made it instantaneous. Oh, yeah, I also learned how to use
hg, it is not
that hard if you are familiar with
git and the DAG model. Quick shout-out to
the blog posts of tangent
spaces and Botond
for helping me setup VSCode/clangd. Once I gain more experience working on
mozilla-central, I will write a post with some tips and tricks.
What are you waiting for? You can checkout this and other recently landed stuff in Firefox Nightly.
I wanna thank people on
#securityfor engaging me and helping find a solution, and people on
#introductionfor aiding me get setup. Special thanks to MattN and Masayuki for tolerating my stupid questions and helping me write an acceptable patch.