Closed Bug 1491759 Opened 3 years ago Closed 3 years ago
Remove eval from load
Privileged Script() in specialpowers API .js
46 bytes, text/x-phabricator-request
|Details | Review|
As part of Bug 1473549, we are in the process of adding an assertion to make sure that eval() is not executed with system principal. Eval() has been used in loadPrivilegedScript() in specialpowersAPI.js, We need to remove this eval() and replace it with someother alternative.
Hi, Please see comment 1, It seems that this eval() (https://dxr.mozilla.org/mozilla-central/rev/7ed950e60f3c1f8a47c117c04124d31e94a66e32/testing/specialpowers/content/specialpowersAPI.js#520) is added as part of Bug 1260076 by you and please take a look at. Apparently we need to remove this eval from that function. Let me know you comments.
AFAICT The goal is to load the chrome privileged script in the content process for testing, basically for Presentation API. I don't have a good idea how to replace it. If it's too hard and asserting |eval()| matters, you can disable the relative tests.
Comment on attachment 9015183 [details] Bug 1491759 - Replaced eval with loadSubScript from loadPrivilegedScript() in specialpowersAPI.js I have replaced eval() with loadsubscript(). Please kindly review the patch and let me know if changes are needed. Try server push for this change is, https://treeherder.mozilla.org/#/jobs?repo=try&revision=eb7603d26895cd46f58bca4ae69fb4c291d6f37c
Attachment #9015183 - Flags: review?(juhsu)
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/1bae9022b97e Replaced eval with loadSubScript from loadPrivilegedScript() in specialpowersAPI.js r=JuniorHsu
You need to log in before you can comment on or make changes to this bug.