Description
It was brought up in a security review of Glean that it would be a very good idea to sanitize/validate the ping tag names that we are sending to the Glean Debug View. The concern is the possibility of injecting a cross-site scripting payload there. Since the tag is both inserted into a header and displayed to a user on the debug view, there are a couple of attack vectors here.
We do some validation against a regex on the Glean client side of things. Currently we validate the ping tag against the following regex: ^[a-zA-Z0-9-]{1,20}$. This should limit the tag to upper and lowercase alphanumeric characters and dashes, to a maximum length of 20 characters.
It's probably a good idea to do normal web user-input sanitization on this field on the ingestion side of things, or whatever measure is appropriate to mitigate the risk.
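As an added illustration of the ingestion-side check suggested above (example code, not Glean's or the Debug View's own): a Python re-check of the client regex quoted in the issue, the trailing-newline pitfall of anchoring with `$` under `re.match`, and HTML escaping before display. The function names and sample header values are constructed for the example.

```python
import html
import re

# Rule the Glean client applies to debug ping tags, as quoted in the issue:
# 1 to 20 ASCII letters, digits or dashes.
DEBUG_TAG_RE = re.compile(r"^[a-zA-Z0-9-]{1,20}$")


def is_valid_debug_tag(tag: str) -> bool:
    """Ingestion-side re-check of the client rule (assumed helper, not Glean code).

    fullmatch() is deliberate: with match(), '$' also matches just before a
    trailing newline, so 'abc\\n' would pass and a newline could reach a header.
    """
    return DEBUG_TAG_RE.fullmatch(tag) is not None


def naive_match_accepts(tag: str) -> bool:
    """The weaker check, kept only to show the trailing-newline gap."""
    return DEBUG_TAG_RE.match(tag) is not None


def render_tag_for_debug_view(tag: str) -> str:
    """Second layer: HTML-escape before the tag is placed into a page.

    A valid tag needs no escaping, so this is a no-op for it; it only matters
    if validation is ever bypassed or loosened.
    """
    return html.escape(tag, quote=True)


# Constructed sample header values with the expected verdict; not real traffic.
SAMPLE_TAGS = {
    "test-tag-01": True,            # ordinary tag
    "TAG-123": True,                # upper case and digits allowed
    "": False,                      # empty
    "a" * 21: False,                # one character over the limit
    "tag_with_underscore": False,   # '_' is outside the character class
    "<img src=x>": False,           # markup characters
    "tag\r\nX-Injected: 1": False,  # CR/LF, the header-injection shape
    "abc\n": False,                 # trailing newline
}


def classify_samples() -> dict:
    """Run the validator over every constructed sample, keyed by tag."""
    return {tag: is_valid_debug_tag(tag) for tag in SAMPLE_TAGS}
```

Running `classify_samples()` reproduces the verdicts in `SAMPLE_TAGS`; the `"abc\n"` entry is the one `naive_match_accepts` would get wrong.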