Closed Bug 509038 Opened 11 years ago Closed 11 years ago

Tweak all_security_filterUnsafeJS() regexs

Categories

(addons.mozilla.org Graveyard :: Admin/Editor Tools, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: clouserw, Assigned: rjwalsh)

References

Details

Attachments

(1 file)

Two regex's are too broad right now:

/.launch/ and /eval/ should both be trying to match parenthesis afterwards.  Something like /eval\s*\(/.
Summary: Tweak all_security_filterUnsafJS() regexs → Tweak all_security_filterUnsafeJS() regexs
Actually, I wrote /\beval\s*\(/ because matching "eval" at the end of a longer word makes little sense as well - \b makes sure that "eval" is the whole word.
Duplicate of this bug: 508977
From: https://addons.mozilla.org/en-US/developers/versions/validate/71618

#   chrome/flashblock.jar/content/flashblock/flashblock.css (58) : Matched Pattern: "/-moz-binding:(?!\s*url\s*\(\s*["']?chrome:\/\/.*\/content\/)/"
{ 
-moz-binding: none !important; 
} 

Also how about resource urls?
(In reply to comment #3)
> From: https://addons.mozilla.org/en-US/developers/versions/validate/71618
> 
> #   chrome/flashblock.jar/content/flashblock/flashblock.css (58) : Matched
> Pattern: "/-moz-binding:(?!\s*url\s*\(\s*["']?chrome:\/\/.*\/content\/)/"
> { 
> -moz-binding: none !important; 
> } 
> 
> Also how about resource urls?

resource urls can point to http as I recall so they should still be flagged
Attachment #393220 - Flags: review?(clouserw)
Attachment #393220 - Flags: review?(clouserw) → review+
Fixed in r48781
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Duplicate of this bug: 510305
Duplicate of this bug: 512107
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.