Security/Reviews/Gaia/Contacts: Difference between revisions

Jump to navigation Jump to search
Line 56: Line 56:
===== new =====
===== new =====


The new activity is used to create a new contact. It opens  
The new activity is used to create a new contact. It opens the contact editor screen.


     "new": {
     "new": {
Line 67: Line 67:
     },
     },


TODO The activity handler copies all parameters from activity.source.params to the request params. Is it possible to cause anything bad there?
TODO The activity handler copies all parameters from activity.source.params to the request params. Is it possible to cause anything bad there? It seems to pass an 'id' and 'extras' parameter.
 
The actual contact editor is shown at https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/contacts/js/contacts.js#L68
 
If an id was passed as a request param then addExtrasToContact is called to process the extras param which is a JSON encoded object. The fields of the extras object are added to the existing contact.
 
TODO: It seems that it is possible to add any kind of field to a contact?
TODO How to obtain contact ids?


===== pick =====
===== pick =====
Confirmed users
971

edits

Navigation menu