Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Gecko Bug 1615405] eval(nonString)` should not have observable side effects. #21800

Closed
wants to merge 1 commit into from
Closed

[Gecko Bug 1615405] eval(nonString)` should not have observable side effects. #21800

wants to merge 1 commit into from

Conversation

moz-wptsync-bot
Copy link
Collaborator

After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything
else is excluded before calling that callback.

Differential Revision: https://phabricator.services.mozilla.com/D62794

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1615405
gecko-commit: bc387540075dc88bb2c0bf165931857ca7e40dfe
gecko-integration-branch: autoland
gecko-reviewers: tcampbell, baku

@evilpie @moz-wptsync-bot
eval(nonString)` should not have observable side effects.
981ab9c 
After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything
else is excluded before calling that callback.

Differential Revision: https://phabricator.services.mozilla.com/D62794

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1615405
gecko-commit: bc387540075dc88bb2c0bf165931857ca7e40dfe
gecko-integration-branch: autoland
gecko-reviewers: tcampbell, baku
wpt-pr-bot
wpt-pr-bot approved these changes Feb 14, 2020
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Firefox project.

@evilpie
Copy link
Contributor

evilpie commented Feb 14, 2020

This was a mistake, please do not land.

@foolip foolip deleted the gecko/1615405 branch April 14, 2021 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
content-security-policy mozilla:gecko-sync
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@moz-wptsync-bot @evilpie @wpt-pr-bot