-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for isolated_world
alias
#3053
Milestone
Comments
rpl
added a commit
to rpl/addons-linter
that referenced
this issue
Mar 2, 2020
rpl
added a commit
to rpl/addons-linter
that referenced
this issue
Mar 2, 2020
EnTeQuAk
pushed a commit
that referenced
this issue
Mar 2, 2020
Fixes #3053 (also also unblock #3048) This PR introduce some small changes needed to parse and validate the manifest CSP properties when they are expressed in the new v3 format: ``` "content_security_policy": { "extension_pages": "...", "content_scripts": "...", // or "isolated_worlds" (which is the chrome compatible alias for the "content_scripts" one) } ``` Some other details related to this PR: - the change is also covered by some additional automated tests. - the validation messages now also contains the name of the CSP property related to the validation message, e.g. ``` Code Message Description File Line Column MANIFEST_CSP_UNSAFE_EVAL content_security_policy.extension_pages In most cases the same result can be achieved differently, therefore it is generally manifest.json allows 'eval', which has strong security and prohibited performance implications. ``` * fix: Validate manifest CSP properties in v3 format (fix #3053) * chore: Assert the expected number of warning on manifest v3 CSP properties tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See https://github.com/mozilla/addons-linter/pull/3048/files#diff-c24fe98257d3c70153e05cf42301ed84R200
The text was updated successfully, but these errors were encountered: