
evalInGlobalScope as a secure alternative to eval

RESOLVED DUPLICATE of bug 785174

Status


Core
JavaScript Engine
7 years ago
5 years ago

People

(Reporter: John J. Barton, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [firebug-p2])

(Reporter)

Description

7 years ago
We have eval(), which dynamically compiles code into the current scope and runs it with the current security principal. We have evalInSandbox, which compiles code in a container and runs it with a security principal given at sandbox construction. The missing combination is an eval which compiles code into a given scope and runs it under the security principal of that scope.

For an inner nsIDOMWindow 'win', evalInGlobalScope(str, win) should give an XPCSafeJSObjectWrapper around an object that is precisely as one would get by running win.eval(str) with the principal of 'win'.

This would allow Firebug's command line to be implemented very simply. It would also allow extension code to generally avoid eval() with extension (system) principal.

See also
http://groups.google.com/group/mozilla.dev.platform/browse_thread/thread/9d6404c7c940097b#

If possible, then for jsdIStackframe.scope 'scope', evalInGlobalScope(str, scope) would be supported. If not, we may want to call the function evalInDOMWindow().

The optional filename and line numbers of evalInSandbox() would be nice.
(Reporter)

Updated

7 years ago
Whiteboard: [firebug-p2]
blocking2.0: --- → ?
(Reporter)

Updated

7 years ago
Blocks: 529079

Comment 1

7 years ago
Can I get a rationale for this blocking nomination?
(Reporter)

Updated

7 years ago
blocking2.0: ? → ---
(Reporter)

Comment 2

7 years ago
The short answer is "no", I was trying to express "gee if we had this in the 3.7 plan we could plan to work on the Firebug parts". But it's not so we won't.

Comment 3

5 years ago
Just want to add that one Firebug issue related to this is http://code.google.com/p/fbug/issues/detail?id=1472.

Sebastian

Comment 4

5 years ago
I expect the fix for bug 785174 should serve here, as well. If not, please un-dup and explain.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 785174