Closed Bug 88314 Opened 19 years ago Closed 1 year ago

Review browser JS for dangerous eval()'s

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

RESOLVED DUPLICATE of bug 1473549

People

(Reporter: security-bugs, Assigned: dveditz)

References

(Depends on 1 open bug)

Details

Attachments

(2 files)

As Brendan warned in bug 87980, there may be other places where eval() or new
Function calls may allow the running of unescaped or otherwise dangerous code.
Jesse, please do an lxr search on the calls Brendan mentioned and look for
potentially dangerous usages.
Priority: -- → P3
Target Milestone: --- → mozilla0.9.4
Target Milestone: mozilla0.9.4 → mozilla0.9.3
Target Milestone: mozilla0.9.3 → mozilla0.9.4
r=mstoltz. Let's check it in!
jat checked in the eval fix above for me because I was having trouble checking 
in.  I'll do setTimeout next.  (I didn't get all the evals, since I couldn't 
figure out what it was being used for in every case.)
Target Milestone: mozilla0.9.4 → mozilla0.9.5
Target Milestone: mozilla0.9.5 → mozilla0.9.7
Less important bugs retargeted to 0.9.9
Target Milestone: mozilla0.9.7 → mozilla0.9.9
Mozilla1.0
Target Milestone: mozilla0.9.9 → mozilla1.0
Depends on: 159605
Target Milestone: mozilla1.0 → mozilla1.2beta
Depends on: 192317
Depends on: 191817
Depends on: 247606
Target Milestone: mozilla1.2beta → ---
I was just thinking about eval() in chrome.  Is anyone still interested in this 
bug?
Search for /."/ (slashes delimit the text to find) in attachment 155057 [details] and you
will find more than a few bogus evals.  The first one is this:

  eval( "gICalLib."+functionToRun+"( calendarEvent, Server )" );

It should be done away with like so:

  gICalLib[functionToRun]( calendarEvent, Server );

And so on for the rest.

/be
Assignee: jruderman → dveditz
QA Contact: ckritzer
Depends on: 246720
QA Contact: toolkit

We're taking care of this in bug 1473549 now.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1473549
You need to log in before you can comment on or make changes to this bug.