Closed Bug 1615405 Opened 2 months ago Closed 2 months ago

`eval(nonString)` should not have observable side effects

Categories

(Core :: JavaScript Engine, task)

Tracking

RESOLVED FIXED
mozilla75
Tracking Status
firefox75 --- fixed

People

(Reporter: evilpie, Assigned: evilpie)

References

(Blocks 1 open bug)

Attachments

(1 file)

This spec change means for us that we need to move the check for non-string values in eval before calling the CSP check function isRuntimeCodeGenEnabled. As an additional cleanup we can change the contentSecurityPolicyAllows callback to only accept strings.

This causes the failure in the WPT /content-security-policy/generic/eval-typecheck-callout-order.tentative.html.

After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything else is allowed before calling that callback.
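
The reordering described above, as an added example that is not part of the bug thread or the Firefox patch: a simplified JavaScript model comparing "CSP callout first" with "type check first". The names `makeEval`, `cspAllows`, `modelEval` and `run` are hypothetical, and the model assumes a callback that records every callout and blocks only string code.

```javascript
// Simplified model of the ordering discussed in this bug; not SpiderMonkey code.
// makeEval, cspAllows, modelEval and run are hypothetical names.
function makeEval(typeCheckFirst) {
  const callouts = []; // every value handed to the CSP callback

  // Stand-in for contentSecurityPolicyAllows: records the callout (the
  // observable side effect) and blocks all string code, as a policy
  // without 'unsafe-eval' would. Assumption: non-strings are let through.
  function cspAllows(value) {
    callouts.push(value);
    return typeof value !== "string";
  }

  function modelEval(x) {
    // New order: non-strings are returned before any CSP callout.
    if (typeCheckFirst && typeof x !== "string") return x;
    if (!cspAllows(x)) throw new EvalError("blocked by CSP (model)");
    // Old order: the type check only happens after the callout.
    if (typeof x !== "string") return x;
    return `compiled:${x}`; // placeholder for compile-and-run
  }

  return { modelEval, callouts };
}

// Feed the same arguments through one ordering and report what the
// caller sees plus the types the CSP callback was asked about.
function run(typeCheckFirst, inputs) {
  const { modelEval, callouts } = makeEval(typeCheckFirst);
  const results = inputs.map((v) => {
    try {
      return modelEval(v);
    } catch (e) {
      return e.name;
    }
  });
  return { results, calloutTypes: callouts.map((v) => typeof v) };
}

const inputs = [42, null, "1 + 1"]; // constructed sample arguments
console.log("CSP callout first:", run(false, inputs));
console.log("type check first: ", run(true, inputs));
```

In both orderings the caller gets the same return values, but only with the type check first does the callback see strings exclusively, which is what allows its signature to be narrowed.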

Pushed by evilpies@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/bc387540075d
`eval(nonString)` should not have observable side effects. r=tcampbell,baku
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/21800 for changes under testing/web-platform/tests

Backed out changeset bc387540075d (Bug 1615405) on evilpie's request

Backout link: https://hg.mozilla.org/integration/autoland/rev/0f2ec07359bb4f587dc8ec9231e0ed665e86c3b4

Flags: needinfo?(evilpies)
Upstream PR was closed without merging

I accidentally deleted the WPT test instead of the .ini meta file. Fixed now.

Flags: needinfo?(evilpies)
Pushed by evilpies@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/d316204aeaa5
`eval(nonString)` should not have observable side effects. r=tcampbell,baku
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla75