Null byte in ?tagged leads to a 500 ValueError: A string literal cannot contain NUL (0x00) characters. #2815

@emilghittasv

Steps to reproduce
Steps to reproduce the behavior:

  1. Go to https://support.mozilla.org/en-US/questions/all?tagged=%00

Expected behavior
No errors

Actual behavior
500 and sentry fires https://mozilla.sentry.io/issues/4933540175/?project=4504326799753216&query=is%3Aunresolved&referrer=issue-stream&sort=freq

Additional context
It seems that the null byte is not sanitized and is fed directly into the query at https://github.com/mozilla/kitsune/blob/91a37421e5607d56e4de554f67c06a2131188c93/kitsune/questions/views.py#L296
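
An added sketch (not code from the kitsune repository) of the failure mode reported above and one way to stop it at the view boundary: the `tagged` value is validated against a slug pattern before any query is built, so `%00` yields a 400 instead of an unhandled `ValueError`. Assumptions: `fake_db_filter` is a hypothetical stand-in for the PostgreSQL driver's NUL check, the comma separator and slug grammar are guesses, and the host name and tag table are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed slug grammar: ASCII letters, digits, "-" and "_", bounded length.
SLUG_RE = re.compile(r"[-\w]{1,100}", re.ASCII)
KNOWN_TAGS = {"firefox", "sync"}  # constructed tag table


def fake_db_filter(slugs):
    """Hypothetical stand-in for the driver, which refuses NUL in string literals."""
    for slug in slugs:
        if "\x00" in slug:
            raise ValueError("A string literal cannot contain NUL (0x00) characters.")
    return [slug for slug in slugs if slug in KNOWN_TAGS]


def tagged_param(url):
    """Return the percent-decoded ?tagged= value, split on commas (assumed separator)."""
    values = parse_qs(urlsplit(url).query).get("tagged", [])
    return [slug for value in values for slug in value.split(",") if slug]


def view_unvalidated(url):
    """Feeds the decoded parameter straight to the query layer."""
    try:
        return 200, fake_db_filter(tagged_param(url))
    except ValueError:
        return 500, []  # the unhandled-exception path the issue describes


def view_validated(url):
    """Rejects anything that is not a well-formed slug before querying."""
    slugs = tagged_param(url)
    if not all(SLUG_RE.fullmatch(slug) for slug in slugs):
        return 400, []  # client error, no query is built, nothing reaches the driver
    return 200, fake_db_filter(slugs)


if __name__ == "__main__":
    base = "https://sumo.example/en-US/questions/all"  # constructed host
    for query in ("?tagged=%00", "?tagged=firefox%00", "?tagged=firefox,sync", ""):
        print(repr(query), view_unvalidated(base + query), view_validated(base + query))
```

In a Django code base the NUL part of this check is also available as `django.core.validators.ProhibitNullCharactersValidator`, which form `CharField`s apply by default. Whether a malformed filter should return 400 or simply be ignored is a design choice for the view.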

Labels: bug (Something isn't working)

Status: 📚 review
