Remove eval from harness.xul

RESOLVED FIXED in Firefox 65

Status

()

enhancement
P3
normal
RESOLVED FIXED
8 months ago
7 months ago

People

(Reporter: vinoth, Assigned: vinoth)

Tracking

(Blocks 1 bug)

unspecified
mozilla65
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox65 fixed)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 attachment)

Eval(), new Function() should never execute with system principal.It is being removed everywhere from our codebase as part of Bug 1473549.

The affected code which should be rewritten,
https://dxr.mozilla.org/mozilla-central/rev/c291143e24019097d087f9307e59b49facaf90cb/testing/mochitest/harness.xul#51
Assignee

Updated

8 months ago
Component: Mochitest → DOM: Security
Product: Testing → Core
Version: Version 3 → unspecified
Whiteboard: [domsecurity-backlog1]
Assignee

Updated

7 months ago
Assignee: nobody → cegvinoth
Comment on attachment 9019020 [details]
Bug 1498572 - Remove eval from harness.xul

Please kindly review the patch and let me know if changes are needed.
Corresponding TRY push for this patch is,
https://treeherder.mozilla.org/#/jobs?repo=try&revision=471f14cb23e9edd966f120928ff61f422b7df11a&selectedJob=206979515
Attachment #9019020 - Flags: review?(ckerschb)
Comment on attachment 9019020 [details]
Bug 1498572 - Remove eval from harness.xul

As mentioned in Phabricator, if that works I am fine with it. thanks!
Attachment #9019020 - Flags: review?(ckerschb) → review+
Assignee

Updated

7 months ago
Keywords: checkin-needed

Comment 4

7 months ago
Pushed by ebalazs@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6615d7dcdec1
Remove eval from harness.xul r=ckerschb
Keywords: checkin-needed

Comment 5

7 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/6615d7dcdec1
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.