Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Gecko Bug 1615405] eval(nonString)` should not have observable side effects. #21800

Closed
wants to merge 1 commit into from

Conversation

@moz-wptsync-bot
Copy link
Collaborator

moz-wptsync-bot commented Feb 14, 2020

After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything
else is excluded before calling that callback.

Differential Revision: https://phabricator.services.mozilla.com/D62794

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1615405
gecko-commit: bc387540075dc88bb2c0bf165931857ca7e40dfe
gecko-integration-branch: autoland
gecko-reviewers: tcampbell, baku

After this change we can restrict contentSecurityPolicyAllows callbacks to just strings, because everything
else is excluded before calling that callback.

Differential Revision: https://phabricator.services.mozilla.com/D62794

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1615405
gecko-commit: bc387540075dc88bb2c0bf165931857ca7e40dfe
gecko-integration-branch: autoland
gecko-reviewers: tcampbell, baku
Copy link
Collaborator

wpt-pr-bot left a comment

The review process for this patch is being conducted in the Firefox project.

@evilpie
Copy link
Contributor

evilpie commented Feb 14, 2020

This was a mistake, please do not land.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.