From 097aa5241137a6bb3e9b2f67d7f7f070ef10f027 Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Wed, 14 Aug 2019 14:29:57 +0000
Subject: [PATCH] Bug 1573622 - Do not enforce eval() assertions if userchrome.css is enabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D41814
--HG--
extra : moz-landing-system : lando
---
 dom/security/nsContentSecurityManager.cpp | 24 +++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index ce0416786f41..cc72d6d005d5 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -412,13 +412,13 @@ void nsContentSecurityManager::AssertEvalNotRestricted(
     return;
   }
 
-  // This preferences is a file used for autoconfiguration of Firefox
+  // This preference is a file used for autoconfiguration of Firefox
   // by administrators. It has also been (ab)used by the userChromeJS
   // project to run legacy-style 'extensions', some of which use eval,
   // all of which run in the System Principal context.
-  nsAutoString configPref;
-  Preferences::GetString("general.config.filename", configPref);
-  if (!configPref.IsEmpty()) {
+  nsAutoString jsConfigPref;
+  Preferences::GetString("general.config.filename", jsConfigPref);
+  if (!jsConfigPref.IsEmpty()) {
     MOZ_LOG(
         sCSMLog, LogLevel::Debug,
         ("Allowing eval() %s because of "
@@ -427,6 +427,22 @@ void nsContentSecurityManager::AssertEvalNotRestricted(
     return;
   }
 
+  // This preference is better known as userchrome.css which allows
+  // customization of the Firefox UI. Believe it or not, you can also
+  // use XBL bindings to get it to run Javascript in the same manner
+  // as userChromeJS above, so even though 99.9% of people using
+  // userchrome.css aren't doing that, we're still going to need to
+  // disable the eval() assertion for them.
+  if (Preferences::GetBool(
+          "toolkit.legacyUserProfileCustomizations.stylesheets")) {
+    MOZ_LOG(
+        sCSMLog, LogLevel::Debug,
+        ("Allowing eval() %s because of "
+         "toolkit.legacyUserProfileCustomizations.stylesheets",
+         (systemPrincipal ? "with System Principal" : "in parent process")));
+    return;
+  }
+
   // We permit these two common idioms to get access to the global JS object
   if (!aScript.IsEmpty() &&
       (aScript == sAllowedEval1 || aScript == sAllowedEval2)) {
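Review bot: The new early return keys the bypass on a boolean pref that, by the comment's own admission, is set overwhelmingly for cosmetic CSS, so a user who only restyles the toolbar silently loses the eval() guard for every system-principal and parent-process caller for the life of the process; the comment should say this plainly rather than leaving it to the "99.9%" aside, e.g. `// NOTE: this disables the eval() check process-wide for anyone with userChrome.css enabled, not only for XBL-injected script; treat it as a known weakening of the guard, not an allowlist.` The pref name is also spelled out twice (the GetBool argument and the log format string), which invites drift; hoisting it to `static constexpr char kLegacyStylesheetsPref[] = "toolkit.legacyUserProfileCustomizations.stylesheets";` and using it in both places keeps the log honest. I cannot tell from the hunk whether anything downstream of this function still blocks eval when the pref is set, since AssertEvalNotRestricted begins before and continues after the hunk; if the only remaining enforcement is further down this body, it is worth confirming that nothing else is expected to catch what this return now skips.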