Create appropriate CSP warnings in the app validator

RESOLVED FIXED in 2012-11-15

Status

addons.mozilla.org Graveyard
Add-on Validation
RESOLVED FIXED
5 years ago
2 years ago

People

(Reporter: basta, Assigned: basta)

Tracking

unspecified
2012-11-15

Details

(Assignee)

Description

5 years ago
- Warn on explicit script tag creation
- Warn on any JavaScript URIs
- Warn on HTML event handling
- Better eval(), setTimeout(), setInterval() messages
- Better Function() support
- Warn on data URI use
- Error on XBL usage
(Assignee)

Updated

5 years ago
Depends on: 807304
Target Milestone: --- → 2012-11-15
(Assignee)

Comment 1

5 years ago
We don't handle data URIs because they can't be accurately detected. XBL also isn't a thing we need to be concerned about at the moment.

Waiting for a review:

https://github.com/mattbasta/app-validator/commit/b0f3572583a9b43ae2d1a0d8d08e053851a7e59e
(Assignee)

Comment 2

5 years ago
Merged:

https://github.com/mozilla/zamboni/commit/a89f1a6095dca09f445b06a022d1ae44207dec14
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.