Closed Bug 88314 Opened 23 years ago Closed 5 years ago

Review browser JS for dangerous eval()'s

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1473549

People

(Reporter: security-bugs, Assigned: dveditz)

References

(Depends on 1 open bug)

Details

Attachments

(2 files)

patch: replace some evals with parseInt() and new RegExp() 23 years ago Jesse Ruderman 4.16 KB, patch		Details \| Diff \| Splinter Review
Current (8/2004) uses of eval, setInterval, setTimeout 20 years ago Daniel Veditz [:dveditz] 52.66 KB, text/plain		Details

Mitchell Stoltz (not reading bugmail)

Reporter

Description

•

23 years ago

As Brendan warned in bug 87980, there may be other places where eval() or new
Function calls may allow the running of unescaped or otherwise dangerous code.
Jesse, please do an lxr search on the calls Brendan mentioned and look for
potentially dangerous usages.

Jesse Ruderman

Updated

•

23 years ago

Priority: -- → P3

Target Milestone: --- → mozilla0.9.4

Jesse Ruderman

Updated

•

23 years ago

Target Milestone: mozilla0.9.4 → mozilla0.9.3

Jesse Ruderman

Updated

•

23 years ago

Target Milestone: mozilla0.9.3 → mozilla0.9.4

Jesse Ruderman

Comment 1

•

23 years ago

Attached patch patch: replace some evals with parseInt() and new RegExp() — Details — Splinter Review

Brendan Eich [:brendan]

Comment 2

•

23 years ago

r/sr=brendan@mozilla.org, nice.

/be

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 3

•

23 years ago

r=mstoltz. Let's check it in!

Jesse Ruderman

Comment 4

•

23 years ago

jat checked in the eval fix above for me because I was having trouble checking 
in.  I'll do setTimeout next.  (I didn't get all the evals, since I couldn't 
figure out what it was being used for in every case.)

Jesse Ruderman

Updated

•

23 years ago

Target Milestone: mozilla0.9.4 → mozilla0.9.5

Jesse Ruderman

Updated

•

23 years ago

Target Milestone: mozilla0.9.5 → mozilla0.9.7

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 5

•

23 years ago

Less important bugs retargeted to 0.9.9

Target Milestone: mozilla0.9.7 → mozilla0.9.9

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 6

•

23 years ago

Mozilla1.0

Target Milestone: mozilla0.9.9 → mozilla1.0

Jesse Ruderman

Updated

•

22 years ago

Depends on: 159605

Jesse Ruderman

Updated

•

22 years ago

Target Milestone: mozilla1.0 → mozilla1.2beta

Jesse Ruderman

Updated

•

22 years ago

Depends on: 192317

Jesse Ruderman

Updated

•

21 years ago

Depends on: 191817

Jesse Ruderman

Updated

•

20 years ago

Depends on: 247606

Jesse Ruderman

Updated

•

20 years ago

Target Milestone: mozilla1.2beta → ---

Alex Vincent [:WeirdAl]

Comment 7

•

20 years ago

I was just thinking about eval() in chrome.  Is anyone still interested in this 
bug?

Daniel Veditz [:dveditz]

Assignee

Comment 8

•

20 years ago

Attached file Current (8/2004) uses of eval, setInterval, setTimeout — Details

Brendan Eich [:brendan]

Comment 9

•

20 years ago

Search for /."/ (slashes delimit the text to find) in attachment 155057 [details] and you
will find more than a few bogus evals.  The first one is this:

  eval( "gICalLib."+functionToRun+"( calendarEvent, Server )" );

It should be done away with like so:

  gICalLib[functionToRun]( calendarEvent, Server );

And so on for the rest.

/be

Jesse Ruderman

Updated

•

20 years ago

Assignee: jruderman → dveditz

QA Contact: ckritzer

Jesse Ruderman

Updated

•

18 years ago

Depends on: 246720

Phil Ringnalda (:philor)

Updated

•

15 years ago

QA Contact: toolkit

:Gijs (he/him)

Comment 10

•

5 years ago

We're taking care of this in bug 1473549 now.

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.