Closed Bug 509038 Opened 16 years ago Closed 16 years ago

Tweak all_security_filterUnsafeJS() regexs

Categories

(addons.mozilla.org Graveyard :: Admin/Editor Tools, defect)

Product:
addons.mozilla.org Graveyard
Component:
Admin/Editor Tools
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: clouserw, Assigned: rjwalsh)

References

Details

Attachments

(1 file)

Tweaks to regexes and tests
3.66 KB, patch
clouserw
: review+
Details | Diff | Splinter Review
Two regex's are too broad right now: /.launch/ and /eval/ should both be trying to match parenthesis afterwards. Something like /eval\s*\(/.
Summary: Tweak all_security_filterUnsafJS() regexs → Tweak all_security_filterUnsafeJS() regexs
Actually, I wrote /\beval\s*\(/ because matching "eval" at the end of a longer word makes little sense as well - \b makes sure that "eval" is the whole word.
From: https://addons.mozilla.org/en-US/developers/versions/validate/71618 # chrome/flashblock.jar/content/flashblock/flashblock.css (58) : Matched Pattern: "/-moz-binding:(?!\s*url\s*\(\s*["']?chrome:\/\/.*\/content\/)/" { -moz-binding: none !important; } Also how about resource urls?
(In reply to comment #3) > From: https://addons.mozilla.org/en-US/developers/versions/validate/71618 > > # chrome/flashblock.jar/content/flashblock/flashblock.css (58) : Matched > Pattern: "/-moz-binding:(?!\s*url\s*\(\s*["']?chrome:\/\/.*\/content\/)/" > { > -moz-binding: none !important; > } > > Also how about resource urls? resource urls can point to http as I recall so they should still be flagged
Attachment #393220 - Flags: review?(clouserw)
Attachment #393220 - Flags: review?(clouserw) → review+
Fixed in r48781
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: