Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for isolated_world alias #3053

Closed
EnTeQuAk opened this issue Feb 18, 2020 · 0 comments · Fixed by #3066
Closed

Add support for isolated_world alias #3053

EnTeQuAk opened this issue Feb 18, 2020 · 0 comments · Fixed by #3066
Labels
component:rule component:schema priority:p3
Milestone
2020.02.27

Comments

@EnTeQuAk
Copy link
Contributor

See https://github.com/mozilla/addons-linter/pull/3048/files#diff-c24fe98257d3c70153e05cf42301ed84R200
@EnTeQuAk EnTeQuAk added this to the 2020.02.20 milestone Feb 18, 2020
@EnTeQuAk EnTeQuAk self-assigned this Feb 18, 2020
@EnTeQuAk EnTeQuAk mentioned this issue Feb 18, 2020
Merged
@muffinresearch muffinresearch modified the milestones: 2020.02.20, 2020.02.27 Feb 24, 2020
@EnTeQuAk EnTeQuAk removed their assignment Feb 27, 2020
rpl added a commit to rpl/addons-linter that referenced this issue Mar 2, 2020
@rpl
fix: Validate manifest CSP properties in v3 format (fix mozilla#3053)
fba4a2a
@rpl rpl mentioned this issue Mar 2, 2020
Merged
rpl added a commit to rpl/addons-linter that referenced this issue Mar 2, 2020
@rpl
fix: Validate manifest CSP properties in v3 format (fix mozilla#3053)
759f7c9
EnTeQuAk pushed a commit that referenced this issue Mar 2, 2020
@rpl
fix: Validate manifest CSP properties in v3 format (#3066)
a43e8ae 
Fixes #3053
(also also unblock #3048)

This PR introduce some small changes needed to parse and validate the manifest CSP properties when they are expressed in the new v3 format:

```
  "content_security_policy": {
    "extension_pages": "...",
    "content_scripts": "...",
    // or "isolated_worlds" (which is the chrome compatible alias for the "content_scripts" one)
  }
```

Some other details related to this PR:
- the change is also covered by some additional automated tests.
- the validation messages now also contains the name of the CSP property related
  to the validation message, e.g.

```
Code                              Message                                         Description                                                                                 File                                     Line   Column
MANIFEST_CSP_UNSAFE_EVAL          content_security_policy.extension_pages         In most cases the same result can be achieved differently, therefore it is generally        manifest.json                            
                                  allows 'eval', which has strong security and    prohibited                                                                                                                           
                                  performance implications.
``` 

* fix: Validate manifest CSP properties in v3 format (fix #3053)

* chore: Assert the expected number of warning on manifest v3 CSP properties tests
@EnTeQuAk EnTeQuAk mentioned this issue Mar 5, 2020
Merged
@snyk-bot snyk-bot mentioned this issue Apr 26, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component:rule component:schema priority:p3
Projects
None yet
Milestone
2020.02.27
Development

Successfully merging a pull request may close this issue.

fix: Validate manifest CSP properties in v3 format rpl/addons-linter
2 participants
@muffinresearch @EnTeQuAk