Closed Bug 1662189 Opened 4 years ago Closed 4 years ago

Enforce eval() restrictions on release

Categories

(Core :: DOM: Security, enhancement, P1)

Tracking

RESOLVED FIXED
82 Branch
Tracking Status
firefox82 + fixed

People

(Reporter: tjr, Assigned: tjr)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

The following query indicates that we have 17 unique clients reporting eval usage in Firefox 80 (and none in 77/78/79) since June 1. Of those, 13 are in release and the rest are in beta/nightly where enforcement is already enabled.

I think this number is low enough for us to enable the eval() restrictions in release.

SELECT event_object,
       event_method,
       event_string_value,
       app_version,
       normalized_channel,
       TO_JSON_STRING(event_map_values),
       event_process,
       COUNT(*) AS count_reports,
       COUNT(DISTINCT client_id) AS count_distinct_clients
FROM telemetry.events
WHERE event_category = 'security'
  AND submission_date >= '2020-06-1'
  AND app_version > '77'
  AND event_method = 'evalUsage'
GROUP BY event_method,
         event_object,
         event_string_value,
         app_version,
         normalized_channel,
         TO_JSON_STRING(event_map_values),
         event_process
ORDER BY app_version DESC, normalized_channel, event_string_value
Severity: -- → S4
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cd7bcfed8ef6
Enforce eval() restrictions on release r=freddyb,ckerschb
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch