59 bytes, text/x-review-board-request
Flags: needinfo?(amckay) → needinfo?(dveditz)
(In reply to Luca Greco [:rpl] from comment #2) > the expanded principal (which are used by the content scripts) gets a "free pass" I just noticed that there was a typo in comment 2: I meant to write "which is used", and it means that "content scripts use an expanded principipal".
> my guess is that currently the content scrips are not currently affected Yep, this agrees with what lcrouch reported in the GitHub issue: https://github.com/EFForg/privacybadger/issues/1098#issuecomment-271109418
Assignee: nobody → lgreco
Priority: -- → P2
Comment on attachment 8827425 [details] Bug 1329731 - Add moz-extension to the principals immune to script policy. https://reviewboard.mozilla.org/r/105112/#review107566 ::: js/xpconnect/src/XPCJSContext.cpp:352 (Diff revision 1) > aPrincipal->GetURI(getter_AddRefs(principalURI)); > MOZ_ASSERT(principalURI); > + > + // WebExtension principals gets a free pass. > + bool isWebExtension; > + nsresult rv = principalURI->SchemeIs("moz-extension", &isWebExtension); Please check `principal->GetAddonId` instead.
Not sure what info is needed here. The patch looks sensible.
Comment on attachment 8827425 [details] Bug 1329731 - Add moz-extension to the principals immune to script policy. https://reviewboard.mozilla.org/r/105112/#review107566 > Please check `principal->GetAddonId` instead. Sure, patch updated as suggested.
Attachment #8827425 - Flags: review?(bobbyholley)
Comment on attachment 8827425 [details] Bug 1329731 - Add moz-extension to the principals immune to script policy. https://reviewboard.mozilla.org/r/105112/#review113438
Attachment #8827425 - Flags: review?(bobbyholley) → review+
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/5cf2c9494288 Add moz-extension to the principals immune to script policy. r=bholley
How to fix this in the version ESR 52.2.1?
You need to log in before you can comment on or make changes to this bug.