зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1588816 - Remove userChrome.css case since XBL is dead in Nightly r=bgrins
Differential Revision: https://phabricator.services.mozilla.com/D50964 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
95b4cd998b
Коммит
d72a6eb2f3
|
@ -300,11 +300,11 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
|
|||
return true;
|
||||
}
|
||||
|
||||
// We only perform checks of these two preferences on the Main Thread
|
||||
// (because a String-based preference checks is only safe on Main Thread.)
|
||||
// We only perform a check of this preference on the Main Thread
|
||||
// (because a String-based preference check is only safe on Main Thread.)
|
||||
// The consequence of this is that if a user is using userChromeJS _and_
|
||||
// the scripts they use start a worker and that worker uses eval - we will
|
||||
// enter this function, skip over these pref checks that would normally cause
|
||||
// enter this function, skip over this pref check that would normally cause
|
||||
// us to allow the eval usage - and we will block it.
|
||||
// While not ideal, we do not officially support userChromeJS, and hopefully
|
||||
// the usage of workers and eval in workers is even lower that userChromeJS
|
||||
|
@ -324,22 +324,6 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
|
|||
: "in parent process")));
|
||||
return true;
|
||||
}
|
||||
|
||||
// This preference is better known as userchrome.css which allows
|
||||
// customization of the Firefox UI. Believe it or not, you can also
|
||||
// use XBL bindings to get it to run Javascript in the same manner
|
||||
// as userChromeJS above, so even though 99.9% of people using
|
||||
// userchrome.css aren't doing that, we're still going to need to
|
||||
// disable the eval() assertion for them.
|
||||
if (Preferences::GetBool(
|
||||
"toolkit.legacyUserProfileCustomizations.stylesheets")) {
|
||||
MOZ_LOG(sCSMLog, LogLevel::Debug,
|
||||
("Allowing eval() %s because of "
|
||||
"toolkit.legacyUserProfileCustomizations.stylesheets",
|
||||
(aIsSystemPrincipal ? "with System Principal"
|
||||
: "in parent process")));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// We permit these two common idioms to get access to the global JS object
|
||||
|
|
Загрузка…
Ссылка в новой задаче