Hardcode minimal eval()-whitelist for test files into eval()-assertion
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox70 | --- | fixed |
People
(Reporter: jallmann, Assigned: jallmann)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
Some testing-related files using eval()-like functions are hard to be replaced/amended. They are probably going to stay whitelisted from the eval()-assertion. This solution is preferred over manually disabling the assertion in many tests and possibly shadowing the use of eval() in places other than these few, known files.
A minimal whitelist of files identified by their full path is going to be hardcoded into the assertion to replace the current pref-based whitelist.
Additionally, it should be ensured that even the whitelisted files are only allowed when running in automation.
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/6e76b0cb3e10
Hardcode minimal eval()-whitelist for test files into eval()-assertion, r=ckerschb
Comment 3•5 years ago
|
||
bugherder |
Description
•