`eval(nonString)` should not have observable side effects
Categories
(Core :: JavaScript Engine, task)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox75 | --- | fixed |
People
(Reporter: evilpie, Assigned: evilpie)
References
(Blocks 1 open bug)
This spec change means for us that we need to move the check for non-string values in eval before calling the CSP check function `isRuntimeCodeGenEnabled`. As an additional cleanup we can change the `contentSecurityPolicyAllows` callback to only accept strings.
This causes the failure in the WPT /content-security-policy/generic/eval-typecheck-callout-order.tentative.html.
Comment 1•4 years ago
After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything else is allowed before calling that callback.
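
Added illustration, not part of the bug's comments and not SpiderMonkey code: a small JavaScript model of the two check orderings discussed above, run against a policy that forbids eval. Only the name `isRuntimeCodeGenEnabled` comes from the bug; its body, the `reports` array, `probe` and both `evalEntry*` functions are hypothetical, and the report-on-deny behaviour is an assumption of the model.

```javascript
// Model of the eval entry path under a CSP that forbids eval.
// isRuntimeCodeGenEnabled is the name used in the bug; everything else
// here is a hypothetical stand-in written for this example.

function makeRuntime(cspAllowsEval) {
  const reports = []; // constructed stand-in for CSP violation reports
  return {
    reports,
    // CSP check: records a violation whenever it is consulted and denies.
    isRuntimeCodeGenEnabled(value) {
      if (!cspAllowsEval) reports.push({ directive: "script-src", type: typeof value });
      return cspAllowsEval;
    },
  };
}

// Ordering before the fix: the CSP check runs for every argument.
function evalEntryCspFirst(rt, x) {
  if (!rt.isRuntimeCodeGenEnabled(x)) throw new EvalError("blocked by CSP");
  if (typeof x !== "string") return x;
  return (0, eval)(x);
}

// Ordering after the fix: non-strings return before the CSP check, so the
// check (and any callback behind it) only ever sees strings.
function evalEntryTypeFirst(rt, x) {
  if (typeof x !== "string") return x;
  if (!rt.isRuntimeCodeGenEnabled(x)) throw new EvalError("blocked by CSP");
  return (0, eval)(x);
}

// Runs one entry function against a policy that forbids eval and
// summarises what was observable from the outside.
function probe(entry, x) {
  const rt = makeRuntime(false);
  let result;
  let threw = null;
  try { result = entry(rt, x); } catch (e) { threw = e.name; }
  return { result, threw, reports: rt.reports.length };
}

// Constructed non-string argument that would throw if anything stringified it.
const token = { toString() { throw new Error("must not be stringified"); } };
console.log(probe(evalEntryCspFirst, token));    // exception plus one report
console.log(probe(evalEntryTypeFirst, token));   // returned unchanged, no report
console.log(probe(evalEntryTypeFirst, "1 + 1")); // strings are still blocked
```
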
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/autoland/rev/bc387540075d `eval(nonString)` should not have observable side effects. r=tcampbell,baku
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/21800 for changes under testing/web-platform/tests
Comment 4•4 years ago
Backed out changeset bc387540075d (Bug 1615405) on evilpie's request
Backout link: https://hg.mozilla.org/integration/autoland/rev/0f2ec07359bb4f587dc8ec9231e0ed665e86c3b4
Upstream PR was closed without merging
Comment 6•4 years ago
I accidentally deleted the WPT test instead of the .ini meta file. Fixed now.
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/autoland/rev/d316204aeaa5 `eval(nonString)` should not have observable side effects. r=tcampbell,baku
Comment 8•4 years ago