Carve out more edge cases for javascriptLoad restrictions, and let Telemetry ride the trains
Categories
(Firefox :: Security, enhancement)
Tracking
()
Tracking | Status | |
---|---|---|
firefox87 | --- | fixed |
People
(Reporter: tjr, Assigned: tjr)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
See discussion in https://github.com/xiaoxiaoflood/firefox-scripts/issues/64
Specifically:
Presently my dataset is restricted to Nightly, so it may be coming primarily from bootstrapLoader.xpi. I'm going to propose checking for xpinstall.signatures.required = false and if so, disable our checks. Hopefully that quiets down the activity. It's preferable to get the data down to near-zero, that means that we understood what the problem was and there's less chance of breaking something unknown!
The other possibility is workers; but given the example provided actually uses the chrome:// scheme (and we allow those) I'm feeling less sure of this. Still; I don't think it would be hard to introduce a static variable to check general.config.filename off-main-thread. (TBH I'm not sure why I didn't do that in the beginning.)
Assignee | ||
Comment 1•4 years ago
|
||
Comment 3•4 years ago
|
||
Backed out changeset 2ade9dd19ad1 (bug 1688800) for build bustages at nsContentSecurityUtils.cpp.
https://hg.mozilla.org/integration/autoland/rev/f808cc5ebe004bb4f316cf068b8b61d54b18b1e3
Push with failures:
https://treeherder.mozilla.org/jobs?repo=autoland&revision=2ade9dd19ad1d18ab8b1ade6090d5c8c8308213d&selectedTaskRun=B03AzYDpS76NHGCXW5Ga9g.0
Failure log:
https://treeherder.mozilla.org/logviewer?job_id=328122269&repo=autoland&lineNumber=44177
Comment 6•4 years ago
|
||
bugherder |
Description
•