Closed
Bug 1498572
Opened 6 years ago
Closed 6 years ago
Remove eval from harness.xul
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla65
Tracking | Status | |
---|---|---|
firefox65 | --- | fixed |
People
(Reporter: vinoth, Assigned: vinoth)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
Eval(), new Function() should never execute with system principal.It is being removed everywhere from our codebase as part of Bug 1473549.
The affected code which should be rewritten,
https://dxr.mozilla.org/mozilla-central/rev/c291143e24019097d087f9307e59b49facaf90cb/testing/mochitest/harness.xul#51
Assignee | ||
Updated•6 years ago
|
Component: Mochitest → DOM: Security
Product: Testing → Core
Version: Version 3 → unspecified
Updated•6 years ago
|
Whiteboard: [domsecurity-backlog1]
Assignee | ||
Comment 1•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → cegvinoth
Assignee | ||
Comment 2•6 years ago
|
||
Comment on attachment 9019020 [details]
Bug 1498572 - Remove eval from harness.xul
Please kindly review the patch and let me know if changes are needed.
Corresponding TRY push for this patch is,
https://treeherder.mozilla.org/#/jobs?repo=try&revision=471f14cb23e9edd966f120928ff61f422b7df11a&selectedJob=206979515
Attachment #9019020 -
Flags: review?(ckerschb)
Comment 3•6 years ago
|
||
Comment on attachment 9019020 [details]
Bug 1498572 - Remove eval from harness.xul
As mentioned in Phabricator, if that works I am fine with it. thanks!
Attachment #9019020 -
Flags: review?(ckerschb) → review+
Assignee | ||
Updated•6 years ago
|
Keywords: checkin-needed
Pushed by ebalazs@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6615d7dcdec1
Remove eval from harness.xul r=ckerschb
Keywords: checkin-needed
Comment 5•6 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•