Closed
Bug 1399997
Opened 7 years ago
Closed 7 years ago
Remove usage of eval and new Function() in JSM scopes
Categories
(Core :: XPConnect, enhancement)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla57
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | fixed |
People
(Reporter: kmag, Assigned: kmag)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
Aside from being a security and performance concern, this poses problems for JSM global sharing.
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
||
Comment 4•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8908321 [details]
Bug 1399997: Part 3 - Update module environment tests with TODOs for shared module eval bindings.
https://reviewboard.mozilla.org/r/179958/#review185156
Thanks for the cleanup. Making these TODOs makes sense.
Attachment #8908321 -
Flags: review?(tcampbell) → review+
|
||
Comment 5•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8908319 [details]
Bug 1399997: Part 1 - Fix eval usage in Redux.jsm.
https://reviewboard.mozilla.org/r/179954/#review185194
Eww
Attachment #8908319 -
Flags: review+
|
Assignee | |
Comment 6•7 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8908319 [details]
Bug 1399997: Part 1 - Fix eval usage in Redux.jsm.
https://reviewboard.mozilla.org/r/179954/#review185194
Agreed.
Thanks!
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8908319 -
Flags: review?(standard8)
|
|
Assignee | |
Comment 7•7 years ago
|
||
Parts 1 and 3 are enough to unblock bug 1381961, so landing those now. Part 2 will still be needed for bug 1396145.
Keywords: leave-open
|
|
Assignee | |
Comment 8•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/81e5e9200b41b827addbecfe34736bfd13249ab9
Bug 1399997: Part 1 - Fix eval usage in Redux.jsm. r=Mossop
https://hg.mozilla.org/integration/mozilla-inbound/rev/216079d767e7fd9351abf09e605ae63c2948bd53
Bug 1399997: Part 3 - Update module environment tests with TODOs for shared module eval bindings. r=tcampbell
|
||
Comment 9•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8908320 [details]
Bug 1399997: Part 2 - Fix eval usage in PhoneNumber.jsm.
https://reviewboard.mozilla.org/r/179956/#review185246
Attachment #8908320 -
Flags: review?(MattN+bmo) → review+
|
|
Assignee | |
Comment 10•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/2a05fcf72a3a061d94fdb867c934e8f2c4bd3dde
Bug 1399997: Part 2 - Fix eval usage in PhoneNumber.jsm. r=MattN
|
|
Assignee | |
Updated•7 years ago
|
Keywords: leave-open
|
||
Comment 11•7 years ago
|
||
NI to activity stream folks, to make sure they seem the part 1 change.
Flags: needinfo?(edilee)
Flags: needinfo?(dmose)
|
||
Comment 12•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/81e5e9200b41
https://hg.mozilla.org/mozilla-central/rev/216079d767e7
https://hg.mozilla.org/mozilla-central/rev/2a05fcf72a3a
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
|
||
Updated•7 years ago
|
Flags: needinfo?(edilee)
Flags: needinfo?(dmose)
|
||
Comment 13•7 years ago
|
||
Commit pushed to master at https://github.com/mozilla/activity-stream
https://github.com/mozilla/activity-stream/commit/5a1cb33f0ab5cfd453cef286afa3321381252195
chore(vendor): Backport Bug 1399997 - Remove usage of eval and new Function() in JSM scopes. r=Mossop (#3495)
You need to log in
before you can comment on or make changes to this bug.
Description
•