Closed Bug 793851 Opened 12 years ago Closed 12 years ago

Create appropriate CSP warnings in the app validator

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

2012-11-15

People

(Reporter: basta, Assigned: basta)

References

Details

Matt Basta [:basta]

Assignee

Description

•

12 years ago

- Warn on explicit script tag creation
- Warn on any JavaScript URIs
- Warn on HTML event handling
- Better eval(), setTimeout(), setInterval() messages
- Better Function() support
- Warn on data URI use
- Error on XBL usage

Matt Basta [:basta]

Assignee

Updated

•

12 years ago

Depends on: 807304

Wil Clouser [:clouserw]

Updated

•

12 years ago

Target Milestone: --- → 2012-11-15

Matt Basta [:basta]

Assignee

Comment 1

•

12 years ago

We don't handle data URIs because they can't be accurately detected. XBL also isn't a thing we need to be concerned about at the moment.

Waiting for a review:

https://github.com/mattbasta/app-validator/commit/b0f3572583a9b43ae2d1a0d8d08e053851a7e59e

Matt Basta [:basta]

Assignee

Comment 2

•

12 years ago

Merged:

https://github.com/mozilla/zamboni/commit/a89f1a6095dca09f445b06a022d1ae44207dec14

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

8 years ago

Product: addons.mozilla.org → addons.mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Create appropriate CSP warnings in the app validator

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect)

Tracking

(Not tracked)

People

(Reporter: basta, Assigned: basta)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Comment 2

Updated