Created attachment 528341
Add-on version with bypass code

The attached file demonstrates how to bypass some validator flags, specifically the setTimeout flag. In the file chrome/content/azan.js, you'll see the following:

    timeoutID = window['set'+ 'Timeout'](azan.run, 1000);

In this case the bypass is harmless and just an innocent attempt to clear some warnings, but it could be problematic if done with more sensitive flags. We need to make the validator recognize these patterns and show the right flags.
Does this actually bypass the current validator? It shouldn't; we have tests already for things like window["ev"+"al"]. This is done through the lazy evaluation of the script. If it's not being detected, I'd imagine that the problem is likely a more general issue that's preventing an error from being raised. I'll look into it soon.
There was a minor bug in the MemberExpression evaluator. It should be fixed here: https://github.com/mattbasta/amo-validator/commit/56930d91ea199322a784528ba3de3ca9d686ad9c
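The check this bug asks for, as an added Python example (not the amo-validator code and not taken from the linked commit): fold constant string concatenation in a computed MemberExpression key before matching it against the flag list. The ESTree-style node shapes, the flag list, the global-object names and the hand-built sample tree are assumptions made for the example.

```python
# Added example, not amo-validator code. Node shapes follow the ESTree
# convention; the flag list and global-object names are assumptions.
FLAGGED_GLOBALS = {"setTimeout", "setInterval", "eval"}
GLOBAL_OBJECTS = {"window", "self", "top"}

def fold_string(node):
    """Return the constant string a node evaluates to, or None if unknown."""
    kind = node.get("type")
    if kind == "Literal" and isinstance(node.get("value"), str):
        return node["value"]
    if kind == "BinaryExpression" and node.get("operator") == "+":
        left, right = fold_string(node["left"]), fold_string(node["right"])
        if left is not None and right is not None:
            return left + right
    return None  # identifiers, calls, numbers: not statically known here

def member_name(node):
    """Property name of a MemberExpression, folding computed keys."""
    prop = node["property"]
    if not node.get("computed"):
        return prop.get("name")   # window.setTimeout
    return fold_string(prop)      # window['set' + 'Timeout']

def find_flags(node, found=None):
    """Walk the tree and collect flagged names reached via a global object."""
    found = [] if found is None else found
    if isinstance(node, dict):
        if node.get("type") == "MemberExpression":
            obj = node["object"]
            is_global = (obj.get("type") == "Identifier"
                         and obj.get("name") in GLOBAL_OBJECTS)
            name = member_name(node)
            if is_global and name in FLAGGED_GLOBALS:
                found.append(name)
        for child in node.values():
            find_flags(child, found)
    elif isinstance(node, list):
        for child in node:
            find_flags(child, found)
    return found

def lit(value): return {"type": "Literal", "value": value}
def ident(name): return {"type": "Identifier", "name": name}
def member(obj, prop, computed):
    return {"type": "MemberExpression", "object": obj, "property": prop, "computed": computed}
def concat(left, right):
    return {"type": "BinaryExpression", "operator": "+", "left": left, "right": right}

# Constructed tree for: window['set' + 'Timeout'](azan.run, 1000)
SAMPLE = {"type": "CallExpression",
          "callee": member(ident("window"), concat(lit("set"), lit("Timeout")), True),
          "arguments": [member(ident("azan"), ident("run"), False), lit(1000)]}
```

A key that cannot be folded to a constant (for example one built from a variable) resolves to None here and is not matched; a validator would need a separate warning for such dynamic lookups.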
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Reclassifying editor bugs and changing to a new whiteboard flag. Spam, spam, spam, spam...
Whiteboard: [required amo-editors] → [ReviewTeam]
Product: addons.mozilla.org → addons.mozilla.org Graveyard