tabs.executeScript with code has "sandbox eval code" as filename in stack trace and CSP violation reports
Categories
(WebExtensions :: General, task, P3)
Tracking
(Not tracked)
People
(Reporter: robwu, Unassigned)
References
(Blocks 2 open bugs)
Details
browser.tabs.executeScript({code: "console.log(new Error().stack)"})
shows:
@sandbox eval code:1:1
In CSP violation reports, the sourceFile
field is "sandbox eval code".
If we were to try and fix bug 1588957 by filtering reports with sourceFile
moz-extension:
, then the logic wouldn't work because of this.
This string was introduced in https://hg.mozilla.org/mozilla-central/rev/a2f7185ec909 (bug 1577407) without unit test, but the immediate trigger for the snippet has been removed in https://hg.mozilla.org/mozilla-central/rev/f560d280f658584218a828e8dd7697fbfa809199 (bug 1673328). Consequently, the string "sandbox eval code" does not serve any clear purpose. For example, it could be changed to a dummy value moz-extension://00000000-0000-0000-0000-000000000000/executeScript
without triggering any test failure.
Comment 1•4 years ago
|
||
It seems like it could be useful to change that to use the moz-ext url as you suggest, though the real uuid.
Updated•4 years ago
|
Description
•