Last Comment Bug 602212 - Use js.msg when CSP blocks eval
: Use js.msg when CSP blocks eval
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla11
Assigned To: Tom Schuster [:evilpie]
: Jason Orendorff [:jorendorff]
Depends on:
  Show dependency treegraph
Reported: 2010-10-06 08:40 PDT by Jason Orendorff [:jorendorff]
Modified: 2011-11-25 02:24 PST (History)
4 users (show)
mounir: in‑testsuite?
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

v1 (3.02 KB, patch)
2010-10-06 09:24 PDT, Jason Orendorff [:jorendorff]
brendan: review+
Details | Diff | Splinter Review
refreshed (1.93 KB, patch)
2011-11-03 14:32 PDT, Tom Schuster [:evilpie]
jorendorff: review+
Details | Diff | Splinter Review

Description Jason Orendorff [:jorendorff] 2010-10-06 08:40:26 PDT

Comment 1 Jason Orendorff [:jorendorff] 2010-10-06 09:22:06 PDT
I'll fix this in bug 592664 after all.

*** This bug has been marked as a duplicate of bug 592664 ***
Comment 2 Jason Orendorff [:jorendorff] 2010-10-06 09:23:42 PDT
Sorry. No coffee yet. Will fix.
Comment 3 Jason Orendorff [:jorendorff] 2010-10-06 09:24:48 PDT
Created attachment 481245 [details] [diff] [review]
Comment 4 Brendan Eich [:brendan] 2010-10-06 12:09:39 PDT
Comment on attachment 481245 [details] [diff] [review]

r=me with a double-check that caps isn't double-reporting.

Comment 5 Jason Orendorff [:jorendorff] 2010-10-08 00:02:50 PDT
Do you mean a JS_ASSERT or an actual "if (!cx->throwing)" around the JS_ReportErrorNumber calls?
Comment 6 Brendan Eich [:brendan] 2010-10-08 07:56:12 PDT
(In reply to comment #5)
> Do you mean a JS_ASSERT or an actual "if (!cx->throwing)" around the
> JS_ReportErrorNumber calls?

Or just inspect the caps code (I tried a grep and saw some Report matches, so was not sure). But asserting is better, if JS_ReportErrorNumber doesn't already.

Comment 7 Tom Schuster [:evilpie] 2011-11-03 14:32:41 PDT
Created attachment 571782 [details] [diff] [review]
Comment 8 Jason Orendorff [:jorendorff] 2011-11-21 11:51:38 PST
Comment on attachment 571782 [details] [diff] [review]

Confirmed, the hook for this in CAPS (nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction) does not report an error.

Thanks for digging this one up, evilpie.
Comment 10 Mounir Lamouri (:mounir) 2011-11-25 02:24:07 PST

Note You need to log in before you can comment on or make changes to this bug.