зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1573622 - Do not enforce eval() assertions if userchrome.css is enabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D41814 --HG-- extra : moz-landing-system : lando
Родитель
7bb64b9037
Коммит
097aa52411
|
@ -412,13 +412,13 @@ void nsContentSecurityManager::AssertEvalNotRestricted(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// This preferences is a file used for autoconfiguration of Firefox
|
// This preference is a file used for autoconfiguration of Firefox
|
||||||
// by administrators. It has also been (ab)used by the userChromeJS
|
// by administrators. It has also been (ab)used by the userChromeJS
|
||||||
// project to run legacy-style 'extensions', some of which use eval,
|
// project to run legacy-style 'extensions', some of which use eval,
|
||||||
// all of which run in the System Principal context.
|
// all of which run in the System Principal context.
|
||||||
nsAutoString configPref;
|
nsAutoString jsConfigPref;
|
||||||
Preferences::GetString("general.config.filename", configPref);
|
Preferences::GetString("general.config.filename", jsConfigPref);
|
||||||
if (!configPref.IsEmpty()) {
|
if (!jsConfigPref.IsEmpty()) {
|
||||||
MOZ_LOG(
|
MOZ_LOG(
|
||||||
sCSMLog, LogLevel::Debug,
|
sCSMLog, LogLevel::Debug,
|
||||||
("Allowing eval() %s because of "
|
("Allowing eval() %s because of "
|
||||||
|
@ -427,6 +427,22 @@ void nsContentSecurityManager::AssertEvalNotRestricted(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This preference is better known as userchrome.css which allows
|
||||||
|
// customization of the Firefox UI. Believe it or not, you can also
|
||||||
|
// use XBL bindings to get it to run Javascript in the same manner
|
||||||
|
// as userChromeJS above, so even though 99.9% of people using
|
||||||
|
// userchrome.css aren't doing that, we're still going to need to
|
||||||
|
// disable the eval() assertion for them.
|
||||||
|
if (Preferences::GetBool(
|
||||||
|
"toolkit.legacyUserProfileCustomizations.stylesheets")) {
|
||||||
|
MOZ_LOG(
|
||||||
|
sCSMLog, LogLevel::Debug,
|
||||||
|
("Allowing eval() %s because of "
|
||||||
|
"toolkit.legacyUserProfileCustomizations.stylesheets",
|
||||||
|
(systemPrincipal ? "with System Principal" : "in parent process")));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// We permit these two common idioms to get access to the global JS object
|
// We permit these two common idioms to get access to the global JS object
|
||||||
if (!aScript.IsEmpty() &&
|
if (!aScript.IsEmpty() &&
|
||||||
(aScript == sAllowedEval1 || aScript == sAllowedEval2)) {
|
(aScript == sAllowedEval1 || aScript == sAllowedEval2)) {
|
||||||
|
|
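Review bot: The new early return under `if (Preferences::GetBool("toolkit.legacyUserProfileCustomizations.stylesheets"))` in the second hunk keys the exemption on the pref value alone, so any profile with the pref set skips the eval() check for System Principal and parent-process callers, whether or not a userchrome.css is present or uses XBL bindings. The added comment itself says 99.9% of those users never run script this way, so the exemption is much wider than the case it is meant to cover. If it cannot be narrowed at this point, the comment should state the trade-off so the pref is treated as security-relevant in later changes, e.g. `// NOTE: keyed on the pref only; setting it turns off the eval() check for the whole profile, not just for XBL-bound script.` The bypass is also only visible at `LogLevel::Debug`, which is worth a second look if these exemptions are ever audited in the field. AssertEvalNotRestricted begins and ends outside the visible hunks, so how the rest of the function treats these callers is not known from this page.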