Backed out 10 changesets (bug 1582512) for causing browser_preferences_usage.js to permafail CLOSED TREE

Backed out changeset a615a2c07523 (bug 1582512)
Backed out changeset 7dd0266da0a1 (bug 1582512)
Backed out changeset dfdefc6ede97 (bug 1582512)
Backed out changeset 59db30e1915f (bug 1582512)
Backed out changeset 1eb6f6b02149 (bug 1582512)
Backed out changeset 391ed11326fb (bug 1582512)
Backed out changeset 02865605c1c3 (bug 1582512)
Backed out changeset 017582048986 (bug 1582512)
Backed out changeset 1374c08302f9 (bug 1582512)
Backed out changeset 40dd63b6910a (bug 1582512)

browser/app/profile/firefox.js

@@ -516,8 +516,6 @@ pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
 pref("security.allow_eval_with_system_principal", false);
 pref("security.allow_eval_in_parent_process", false);
 
-pref("security.allow_parent_unrestricted_js_loads", false);
-
 #ifdef NIGHTLY_BUILD
   pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
 #else

devtools/client/shared/sourceeditor/test/browser_codemirror.js

@@ -29,8 +29,6 @@ async function test() {
     "privacy.resistFingerprinting.reduceTimerPrecision.microseconds",
     2000
   );
-  // Needed for a loadFrameScript(data:) call in helper_codemirror_runner.js
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
 
   const tab = await addTab(URI);
   runCodeMirrorTest(tab.linkedBrowser);

devtools/client/shared/sourceeditor/test/browser_vimemacs.js

@@ -8,13 +8,11 @@ const URI =
   "/shared/sourceeditor/test/codemirror/vimemacs.html";
 loadHelperScript("helper_codemirror_runner.js");
 
-async function test() {
+function test() {
   requestLongerTimeout(4);
   waitForExplicitFinish();
 
-  // Needed for a loadFrameScript(data:) call in helper_codemirror_runner.js
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
-  const tab = await addTab(URI);
-  runCodeMirrorTest(tab.linkedBrowser);
+  addTab(URI).then(function(tab) {
+    runCodeMirrorTest(tab.linkedBrowser);
+  });
 }

devtools/client/shared/test/test-actor-registry.js

@@ -12,7 +12,7 @@
   const { fetch } = require("devtools/shared/DevToolsUtils");
 
   const TEST_URL_ROOT =
-    "chrome://mochitests/content/browser/devtools/client/shared/test/";
+    "http://example.com/browser/devtools/client/shared/test/";
   const ACTOR_URL = TEST_URL_ROOT + "test-actor.js";
 
   // Register a test actor that can operate on the remote document

devtools/client/webconsole/test/browser/browser_console.js

@@ -21,8 +21,6 @@ const TEST_IMAGE =
   "test/test-image.png";
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
   await pushPref("devtools.browserconsole.contentMessages", true);
   await addTab(TEST_URI);
 

devtools/client/webconsole/test/browser/browser_console_chrome_context_message.js

@@ -7,9 +7,6 @@
 "use strict";
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
   // Show the content messages
   await pushPref("devtools.browserconsole.contentMessages", true);
 

devtools/client/webconsole/test/browser/browser_console_cpow.js

@@ -12,9 +12,6 @@ const {
 } = require("devtools/client/framework/devtools-browser");
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
   await addTab("about:blank");
 
   const hud = await BrowserConsoleManager.openBrowserConsoleOrFocus();

devtools/client/webconsole/test/browser/browser_console_dead_objects.js

@@ -13,9 +13,6 @@
 "use strict";
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
   const hud = await BrowserConsoleManager.toggleBrowserConsole();
   ok(hud, "browser console opened");
 

devtools/client/webconsole/test/browser/browser_console_jsterm_await.js

@@ -10,8 +10,6 @@ const TEST_URI =
   "data:text/html;charset=utf-8,Top-level await Browser Console test";
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
   // Enable await mapping.
   await pushPref("devtools.debugger.features.map-await-expression", true);
 

devtools/client/webconsole/test/browser/browser_jsterm_await_error.js

@@ -9,9 +9,6 @@ const TEST_URI =
   "data:text/html;charset=utf-8,Web Console test failing top-level await";
 
 add_task(async function() {
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
   // Enable await mapping.
   await pushPref("devtools.debugger.features.map-await-expression", true);
   const hud = await openNewTabAndConsole(TEST_URI);

devtools/client/webconsole/test/browser/browser_jsterm_hide_when_devtools_chrome_enabled_false.js

@@ -26,9 +26,6 @@ requestLongerTimeout(2);
 add_task(async function() {
   let browserConsole, webConsole, objInspector;
 
-  // Needed for the execute() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
-
   // We don't use `pushPref()` because we need to revert the same pref later
   // in the test.
   Services.prefs.setBoolPref("devtools.chrome.enabled", true);

devtools/client/webconsole/test/browser/browser_toolbox_console_new_process.js

@@ -26,8 +26,6 @@ Services.scriptloader.loadSubScript(
 
 add_task(async function() {
   await pushPref("devtools.browsertoolbox.fission", true);
-  // Needed for the invokeInTab() function below
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
 
   await addTab(TEST_URI);
   const ToolboxTask = await initBrowserToolboxTask();

devtools/shared/test-helpers/browser_allocation_tracker.js

@@ -37,8 +37,7 @@ add_task(async function() {
     global,
     undefined,
     "test-file.js",
-    1,
-    /* enforceFilenameRestrictions */ false
+    1
   );
   /* eslint-enable no-undef */
 
@@ -59,14 +58,7 @@ add_task(async function() {
       ` + ${afterCreation - before} -> ${afterCreation})`
   );
 
-  Cu.evalInSandbox(
-    "list = null;",
-    global,
-    undefined,
-    "test-file.js",
-    7,
-    /* enforceFilenameRestrictions */ false
-  );
+  Cu.evalInSandbox("list = null;", global, undefined, "test-file.js", 7);
 
   Cu.forceGC();
   Cu.forceCC();

devtools/shared/worker/tests/browser/browser_worker-01.js

@@ -20,10 +20,6 @@ const WORKER_DATA = (function() {
 const INTERVAL = 100;
 const DURATION = 1000;
 
-registerCleanupFunction(function() {
-  Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
-});
-
 add_task(async function() {
   // Test both CJS and JSM versions
 
@@ -35,11 +31,6 @@ add_task(async function() {
 });
 
 async function testWorker(context, workerFactory) {
-  // Needed for blob:null
-  Services.prefs.setBoolPref(
-    "security.allow_parent_unrestricted_js_loads",
-    true
-  );
   const { DevToolsWorker, workerify } = workerFactory();
   const worker = new DevToolsWorker(WORKER_URL);
   const results = await worker.performTask("plotTimestampsGraph", {
@@ -61,10 +52,6 @@ async function testWorker(context, workerFactory) {
 }
 
 async function testTransfer() {
-  Services.prefs.setBoolPref(
-    "security.allow_parent_unrestricted_js_loads",
-    true
-  );
   const { workerify } = ChromeUtils.import(
     "resource://devtools/shared/worker/worker.js"
   );

devtools/shared/worker/tests/browser/browser_worker-03.js

@@ -25,16 +25,7 @@ function squarePromiseReject(x) {
   return new Promise((_, reject) => reject("Nope"));
 }
 
-registerCleanupFunction(function() {
-  Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
-});
-
 add_task(async function() {
-  // Needed for blob:null
-  Services.prefs.setBoolPref(
-    "security.allow_parent_unrestricted_js_loads",
-    true
-  );
   let fn = workerify(square);
   is(await fn(5), 25, "return primitives successful");
   fn.destroy();

dom/security/nsContentSecurityUtils.cpp

@@ -18,7 +18,6 @@
 #  include <wininet.h>
 #endif
 
-#include "mozilla/Logging.h"
 #include "mozilla/dom/Document.h"
 #include "mozilla/StaticPrefs_extensions.h"
 
@@ -135,7 +134,7 @@ nsString OptimizeFileName(const nsAString& aFileName) {
 }
 
 /*
- * FilenameToFilenameType takes a fileName and returns a Pair of strings.
+ * FilenameToEvalType takes a fileName and returns a Pair of strings.
  * The First entry is a string indicating the type of fileName
  * The Second entry is a Maybe<string> that can contain additional details to
  * report.
@@ -147,13 +146,11 @@ nsString OptimizeFileName(const nsAString& aFileName) {
  */
 
 /* static */
-FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
+FilenameType nsContentSecurityUtils::FilenameToEvalType(
     const nsString& fileName) {
   // These are strings because the Telemetry Events API only accepts strings
   static NS_NAMED_LITERAL_CSTRING(kChromeURI, "chromeuri");
   static NS_NAMED_LITERAL_CSTRING(kResourceURI, "resourceuri");
-  static NS_NAMED_LITERAL_CSTRING(kBlobUri, "bloburi");
-  static NS_NAMED_LITERAL_CSTRING(kDataUri, "dataurl");
   static NS_NAMED_LITERAL_CSTRING(kSingleString, "singlestring");
   static NS_NAMED_LITERAL_CSTRING(kMozillaExtension, "mozillaextension");
   static NS_NAMED_LITERAL_CSTRING(kOtherExtension, "otherextension");
@@ -174,23 +171,15 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
 
   // resource:// and chrome://
   if (StringBeginsWith(fileName, NS_LITERAL_STRING("chrome://"))) {
-    return FilenameTypeAndDetails(kChromeURI, Some(fileName));
+    return FilenameType(kChromeURI, Some(fileName));
   }
   if (StringBeginsWith(fileName, NS_LITERAL_STRING("resource://"))) {
-    return FilenameTypeAndDetails(kResourceURI, Some(fileName));
-  }
-
-  // blob: and data:
-  if (StringBeginsWith(fileName, NS_LITERAL_STRING("blob:"))) {
-    return FilenameTypeAndDetails(kBlobUri, Nothing());
-  }
-  if (StringBeginsWith(fileName, NS_LITERAL_STRING("data:"))) {
-    return FilenameTypeAndDetails(kDataUri, Nothing());
+    return FilenameType(kResourceURI, Some(fileName));
   }
 
   if (!NS_IsMainThread()) {
     // We can't do Regex matching off the main thread; so just report.
-    return FilenameTypeAndDetails(kOtherWorker, Nothing());
+    return FilenameType(kOtherWorker, Nothing());
   }
 
   // Extension
@@ -199,7 +188,7 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
   nsresult rv = RegexEval(kExtensionRegex, fileName, /* aOnlyMatch = */ false,
                           regexMatch, &regexResults);
   if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
   }
   if (regexMatch) {
     nsCString type =
@@ -208,27 +197,26 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
             : kOtherExtension;
     auto& extensionNameAndPath =
         Substring(regexResults[0], ArrayLength("extensions/") - 1);
-    return FilenameTypeAndDetails(type,
-                                  Some(OptimizeFileName(extensionNameAndPath)));
+    return FilenameType(type, Some(OptimizeFileName(extensionNameAndPath)));
   }
 
   // Single File
   rv = RegexEval(kSingleFileRegex, fileName, /* aOnlyMatch = */ true,
                  regexMatch);
   if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
   }
   if (regexMatch) {
-    return FilenameTypeAndDetails(kSingleString, Some(fileName));
+    return FilenameType(kSingleString, Some(fileName));
   }
 
   // Suspected userChromeJS script
   rv = RegexEval(kUCJSRegex, fileName, /* aOnlyMatch = */ true, regexMatch);
   if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
   }
   if (regexMatch) {
-    return FilenameTypeAndDetails(kSuspectedUserChromeJS, Nothing());
+    return FilenameType(kSuspectedUserChromeJS, Nothing());
   }
 
 #if defined(XP_WIN)
@@ -248,16 +236,14 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
         sanitizedPathAndScheme.Append(NS_LITERAL_STRING("://.../"));
         sanitizedPathAndScheme.Append(strSanitizedPath);
       }
-      return FilenameTypeAndDetails(kSanitizedWindowsURL,
-                                    Some(sanitizedPathAndScheme));
+      return FilenameType(kSanitizedWindowsURL, Some(sanitizedPathAndScheme));
     } else {
-      return FilenameTypeAndDetails(kSanitizedWindowsPath,
-                                    Some(strSanitizedPath));
+      return FilenameType(kSanitizedWindowsPath, Some(strSanitizedPath));
     }
   }
 #endif
 
-  return FilenameTypeAndDetails(kOther, Nothing());
+  return FilenameType(kOther, Nothing());
 }
 
 class EvalUsageNotificationRunnable final : public Runnable {
@@ -475,13 +461,12 @@ void nsContentSecurityUtils::NotifyEvalUsage(bool aIsSystemPrincipal,
       aIsSystemPrincipal ? Telemetry::EventID::Security_Evalusage_Systemcontext
                          : Telemetry::EventID::Security_Evalusage_Parentprocess;
 
-  FilenameTypeAndDetails fileNameTypeAndDetails =
-      FilenameToFilenameType(aFileNameA);
+  FilenameType fileNameType = FilenameToEvalType(aFileNameA);
   mozilla::Maybe<nsTArray<EventExtraEntry>> extra;
-  if (fileNameTypeAndDetails.second().isSome()) {
+  if (fileNameType.second().isSome()) {
     extra = Some<nsTArray<EventExtraEntry>>({EventExtraEntry{
         NS_LITERAL_CSTRING("fileinfo"),
-        NS_ConvertUTF16toUTF8(fileNameTypeAndDetails.second().value())}});
+        NS_ConvertUTF16toUTF8(fileNameType.second().value())}});
   } else {
     extra = Nothing();
   }
@@ -489,8 +474,7 @@ void nsContentSecurityUtils::NotifyEvalUsage(bool aIsSystemPrincipal,
     sTelemetryEventEnabled = true;
     Telemetry::SetEventRecordingEnabled(NS_LITERAL_CSTRING("security"), true);
   }
-  Telemetry::RecordEvent(eventType,
-                         mozilla::Some(fileNameTypeAndDetails.first()), extra);
+  Telemetry::RecordEvent(eventType, mozilla::Some(fileNameType.first()), extra);
 
   // Report an error to console
   nsCOMPtr<nsIConsoleService> console(
@@ -692,101 +676,3 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
              "about: page must not contain a CSP including 'unsafe-inline'");
 }
 #endif
-
-/* static */
-bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
-                                                    bool aIsSystemRealm) {
-  // If the pref is permissive, allow everything
-  if (StaticPrefs::security_allow_parent_unrestricted_js_loads()) {
-    return true;
-  }
-
-  // If we're not in the parent process allow everything (presently)
-  if (!XRE_IsE10sParentProcess()) {
-    return true;
-  }
-
-  // We only perform a check of this preference on the Main Thread
-  // (because a String-based preference check is only safe on Main Thread.)
-  // The consequence of this is that if a user is using userChromeJS _and_
-  // the scripts they use start a worker - we will enter this function,
-  // skip over this pref check that would normally cause us to allow the
-  // load - and we will block it.
-  // While not ideal, we do not officially support userChromeJS, and hopefully
-  // the usage of workers is even lower than userChromeJS usage.
-  if (NS_IsMainThread()) {
-    // This preference is a file used for autoconfiguration of Firefox
-    // by administrators. It has also been (ab)used by the userChromeJS
-    // project to run legacy-style 'extensions', some of which use eval,
-    // all of which run in the System Principal context.
-    nsAutoString jsConfigPref;
-    Preferences::GetString("general.config.filename", jsConfigPref);
-    if (!jsConfigPref.IsEmpty()) {
-      MOZ_LOG(sCSMLog, LogLevel::Debug,
-              ("Allowing a javascript load of %s because "
-               "general.config.filename is set",
-               aFilename));
-      return true;
-    }
-  }
-
-  if (XRE_IsE10sParentProcess() &&
-      !StaticPrefs::extensions_webextensions_remote()) {
-    MOZ_LOG(sCSMLog, LogLevel::Debug,
-            ("Allowing a javascript load of %s because the web extension "
-             "process is disabled.",
-             aFilename));
-    return true;
-  }
-
-  NS_ConvertUTF8toUTF16 filenameU(aFilename);
-  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
-    // If it's a chrome:// url, allow it
-    return true;
-  }
-  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("resource://"))) {
-    // If it's a resource:// url, allow it
-    return true;
-  }
-  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("file://"))) {
-    // We will temporarily allow all file:// URIs through for now
-    return true;
-  }
-  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("jar:file://"))) {
-    // We will temporarily allow all jar URIs through for now
-    return true;
-  }
-
-  // Log to MOZ_LOG
-  MOZ_LOG(sCSMLog, LogLevel::Info,
-          ("ValidateScriptFilename System:%i %s\n", (aIsSystemRealm ? 1 : 0),
-           aFilename));
-
-  // Send Telemetry
-  FilenameTypeAndDetails fileNameTypeAndDetails =
-      FilenameToFilenameType(filenameU);
-
-  Telemetry::EventID eventType =
-      Telemetry::EventID::Security_Javascriptload_Parentprocess;
-
-  mozilla::Maybe<nsTArray<EventExtraEntry>> extra;
-  if (fileNameTypeAndDetails.second().isSome()) {
-    extra = Some<nsTArray<EventExtraEntry>>({EventExtraEntry{
-        NS_LITERAL_CSTRING("fileinfo"),
-        NS_ConvertUTF16toUTF8(fileNameTypeAndDetails.second().value())}});
-  } else {
-    extra = Nothing();
-  }
-
-  if (!sTelemetryEventEnabled.exchange(true)) {
-    sTelemetryEventEnabled = true;
-    Telemetry::SetEventRecordingEnabled(NS_LITERAL_CSTRING("security"), true);
-  }
-  Telemetry::RecordEvent(eventType,
-                         mozilla::Some(fileNameTypeAndDetails.first()), extra);
-
-  // Presently we are not enforcing any restrictions for the script filename,
-  // we're only reporting Telemetry. In the future we will assert in debug
-  // builds and return false to prevent execution in non-debug builds.
-  return true;
-}

dom/security/nsContentSecurityUtils.h

@@ -18,12 +18,11 @@ class Document;
 }  // namespace dom
 }  // namespace mozilla
 
-typedef mozilla::Pair<nsCString, mozilla::Maybe<nsString>>
-    FilenameTypeAndDetails;
+typedef mozilla::Pair<nsCString, mozilla::Maybe<nsString>> FilenameType;
 
 class nsContentSecurityUtils {
  public:
-  static FilenameTypeAndDetails FilenameToFilenameType(const nsString& fileName);
+  static FilenameType FilenameToEvalType(const nsString& fileName);
   static bool IsEvalAllowed(JSContext* cx, bool aIsSystemPrincipal,
                             const nsAString& aScript);
   static void NotifyEvalUsage(bool aIsSystemPrincipal,
@@ -39,9 +38,6 @@ class nsContentSecurityUtils {
 #if defined(DEBUG)
   static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
 #endif
-
-  static bool ValidateScriptFilename(const char* aFilename,
-                                     bool aIsSystemRealm);
 };
 
 #endif /* nsContentSecurityUtils_h___ */

dom/security/test/gtest/TestFilenameEvalParser.cpp

@@ -14,8 +14,6 @@
 
 static NS_NAMED_LITERAL_CSTRING(kChromeURI, "chromeuri");
 static NS_NAMED_LITERAL_CSTRING(kResourceURI, "resourceuri");
-static NS_NAMED_LITERAL_CSTRING(kBlobUri, "bloburi");
-static NS_NAMED_LITERAL_CSTRING(kDataUri, "dataurl");
 static NS_NAMED_LITERAL_CSTRING(kSingleString, "singlestring");
 static NS_NAMED_LITERAL_CSTRING(kMozillaExtension, "mozillaextension");
 static NS_NAMED_LITERAL_CSTRING(kOtherExtension, "otherextension");
@@ -34,48 +32,18 @@ TEST(FilenameEvalParser, ResourceChrome)
 {
   {
     NS_NAMED_LITERAL_STRING(str, "chrome://firegestures/content/browser.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kChromeURI && ret.second().isSome() &&
                 ret.second().value() == str);
   }
   {
     NS_NAMED_LITERAL_STRING(str, "resource://firegestures/content/browser.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kResourceURI && ret.second().isSome() &&
                 ret.second().value() == str);
   }
 }
 
-TEST(FilenameEvalParser, BlobData)
-{
-  {
-    NS_NAMED_LITERAL_STRING(str, "blob://000-000");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
-    ASSERT_TRUE(ret.first() == kBlobUri && !ret.second().isSome());
-  }
-  {
-    NS_NAMED_LITERAL_STRING(str, "blob:000-000");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
-    ASSERT_TRUE(ret.first() == kBlobUri && !ret.second().isSome());
-  }
-  {
-    NS_NAMED_LITERAL_STRING(str, "data://blahblahblah");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
-    ASSERT_TRUE(ret.first() == kDataUri && !ret.second().isSome());
-  }
-  {
-    NS_NAMED_LITERAL_STRING(str, "data:blahblahblah");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
-    ASSERT_TRUE(ret.first() == kDataUri && !ret.second().isSome());
-  }
-}
-
 TEST(FilenameEvalParser, MozExtension)
 {
   {  // Test shield.mozilla.org replacing
@@ -84,8 +52,7 @@ TEST(FilenameEvalParser, MozExtension)
         "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
         "extensions/federated-learning@shield.mozilla.org.xpi!/experiments/"
         "study/api.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kMozillaExtension &&
                 ret.second().value() ==
                     NS_LITERAL_STRING(
@@ -97,8 +64,7 @@ TEST(FilenameEvalParser, MozExtension)
         "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
         "extensions/federated-learning@shigeld.mozilla.org.xpi!/experiments/"
         "study/api.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(
         ret.first() == kMozillaExtension &&
         ret.second().value() ==
@@ -111,8 +77,7 @@ TEST(FilenameEvalParser, MozExtension)
         "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
         "extensions/federated-learning@shigeld.mozilla.org.xpi!/experiments/"
         "study/apiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(
         ret.first() == kMozillaExtension &&
         ret.second().value() ==
@@ -125,23 +90,20 @@ TEST(FilenameEvalParser, UserChromeJS)
 {
   {
     NS_NAMED_LITERAL_STRING(str, "firegestures/content/browser.uc.js");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                 !ret.second().isSome());
   }
   {
     NS_NAMED_LITERAL_STRING(str, "firegestures/content/browser.uc.js?");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                 !ret.second().isSome());
   }
   {
     nsLiteralString str =
         NS_LITERAL_STRING("firegestures/content/browser.uc.js?243244224");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                 !ret.second().isSome());
   }
@@ -150,8 +112,7 @@ TEST(FilenameEvalParser, UserChromeJS)
         str,
         "file:///b:/fxprofiles/mark/chrome/"
         "addbookmarkherewithmiddleclick.uc.js?1558444389291");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                 !ret.second().isSome());
   }
@@ -161,15 +122,13 @@ TEST(FilenameEvalParser, SingleFile)
 {
   {
     NS_NAMED_LITERAL_STRING(str, "browser.uc.js?2456");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSingleString && ret.second().isSome() &&
                 ret.second().value() == str);
   }
   {
     NS_NAMED_LITERAL_STRING(str, "debugger");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kSingleString && ret.second().isSome() &&
                 ret.second().value() == str);
   }
@@ -179,14 +138,12 @@ TEST(FilenameEvalParser, Other)
 {
   {
     NS_NAMED_LITERAL_STRING(str, "firegestures--content");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
     ASSERT_TRUE(ret.first() == kOther && !ret.second().isSome());
   }
   {
     NS_NAMED_LITERAL_STRING(str, "gallop://thing/fire");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                 ret.second().value() == NS_LITERAL_STRING("gallop"));
@@ -196,8 +153,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "gallop://fire");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                 ret.second().value() == NS_LITERAL_STRING("gallop"));
@@ -207,8 +163,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "firegestures/content");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                 ret.second().value() == NS_LITERAL_STRING("content"));
@@ -218,8 +173,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "firegestures\\content");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                 ret.second().value() == NS_LITERAL_STRING("content"));
@@ -229,8 +183,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "/home/tom/files/thing");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                 ret.second().value() == NS_LITERAL_STRING("thing"));
@@ -240,8 +193,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "file://c/uers/tom/file.txt");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                 ret.second().value() ==
@@ -252,8 +204,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "c:/uers/tom/file.txt");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                 ret.second().value() == NS_LITERAL_STRING("file.txt"));
@@ -263,8 +214,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "http://example.com/");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                 ret.second().value() == NS_LITERAL_STRING("http"));
@@ -274,8 +224,7 @@ TEST(FilenameEvalParser, Other)
   }
   {
     NS_NAMED_LITERAL_STRING(str, "http://example.com/thing.html");
-    FilenameTypeAndDetails ret =
-        nsContentSecurityUtils::FilenameToFilenameType(str);
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
 #if defined(XP_WIN)
     ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                 ret.second().value() == NS_LITERAL_STRING("http"));

js/src/debugger/Frame.cpp

@@ -861,12 +861,7 @@ static bool EvaluateInEnv(JSContext* cx, Handle<Env*> env,
   options.setIsRunOnce(true)
       .setNoScriptRval(false)
       .setFileAndLine(filename, lineno)
-      .setIntroductionType("debugger eval")
-      /* Do not perform the Javascript filename validation security check for
-       * javascript executions sent through the debugger. Besides making up
-       * a filename for these codepaths, we must allow arbitrary JS execution
-       * for the Browser toolbox to function. */
-      .setSkipFilenameValidation(true);
+      .setIntroductionType("debugger eval");
 
   if (frame && frame.hasScript() && frame.script()->strict()) {
     options.setForceStrictMode();

js/xpconnect/idl/xpccomponents.idl

@@ -136,8 +136,7 @@ interface nsIXPCComponents_Utils : nsISupports
     jsval evalInSandbox(in AString source, in jsval sandbox,
                         [optional] in jsval version,
                         [optional] in AUTF8String filename,
-                        [optional] in long lineNo,
-                        [optional] in bool enforceFilenameRestrictions);
+                        [optional] in long lineNo);
 
     /*
      * Get the sandbox for running JS-implemented UA widgets (video controls etc.),

js/xpconnect/src/Sandbox.cpp

@@ -1881,8 +1881,7 @@ nsresult nsXPCComponents_utils_Sandbox::CallOrConstruct(
 
 nsresult xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg,
                             const nsAString& source, const nsACString& filename,
-                            int32_t lineNo, bool enforceFilenameRestrictions,
-                            MutableHandleValue rval) {
+                            int32_t lineNo, MutableHandleValue rval) {
   JS_AbortIfWrongThread(cx);
   rval.set(UndefinedValue());
 
@@ -1924,7 +1923,6 @@ nsresult xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg,
 
     JS::CompileOptions options(sandcx);
     options.setFileAndLine(filenameBuf.get(), lineNo);
-    options.setSkipFilenameValidation(!enforceFilenameRestrictions);
     MOZ_ASSERT(JS_IsGlobalObject(sandbox));
 
     const nsPromiseFlatString& flat = PromiseFlatString(source);

js/xpconnect/src/XPCComponents.cpp

@@ -1448,9 +1448,8 @@ nsXPCComponents_Utils::ReportError(HandleValue error, HandleValue stack,
 NS_IMETHODIMP
 nsXPCComponents_Utils::EvalInSandbox(
     const nsAString& source, HandleValue sandboxVal, HandleValue version,
-    const nsACString& filenameArg, int32_t lineNumber,
-    bool enforceFilenameRestrictions, JSContext* cx, uint8_t optionalArgc,
-    MutableHandleValue retval) {
+    const nsACString& filenameArg, int32_t lineNumber, JSContext* cx,
+    uint8_t optionalArgc, MutableHandleValue retval) {
   RootedObject sandbox(cx);
   if (!JS_ValueToObject(cx, sandboxVal, &sandbox) || !sandbox) {
     return NS_ERROR_INVALID_ARG;
@@ -1473,11 +1472,8 @@ nsXPCComponents_Utils::EvalInSandbox(
       lineNo = frame->GetLineNumber(cx);
     }
   }
-  enforceFilenameRestrictions =
-      (optionalArgc >= 4) ? enforceFilenameRestrictions : true;
 
-  return xpc::EvalInSandbox(cx, sandbox, source, filename, lineNo,
-                            enforceFilenameRestrictions, retval);
+  return xpc::EvalInSandbox(cx, sandbox, source, filename, lineNo, retval);
 }
 
 NS_IMETHODIMP

js/xpconnect/src/XPCJSRuntime.cpp

@@ -20,7 +20,6 @@
 #include "mozJSComponentLoader.h"
 #include "nsAutoPtr.h"
 #include "nsNetUtil.h"
-#include "nsContentSecurityUtils.h"
 
 #include "nsExceptionHandler.h"
 #include "nsIMemoryInfoDumper.h"
@@ -3073,10 +3072,6 @@ void XPCJSRuntime::Initialize(JSContext* cx) {
   JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
                                        this);
   JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
-  if (XRE_IsE10sParentProcess()) {
-    JS::SetFilenameValidationCallback(
-        nsContentSecurityUtils::ValidateScriptFilename);
-  }
   js::SetPreserveWrapperCallback(cx, PreserveWrapper);
   JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
   JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);

js/xpconnect/src/XPCShellImpl.cpp

@@ -366,9 +366,7 @@ static bool Load(JSContext* cx, unsigned argc, Value* vp) {
       return false;
     }
     JS::CompileOptions options(cx);
-    options.setFileAndLine(filename.get(), 1)
-        .setIsRunOnce(true)
-        .setSkipFilenameValidation(true);
+    options.setFileAndLine(filename.get(), 1).setIsRunOnce(true);
     JS::Rooted<JSScript*> script(cx);
     JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));
     script = JS::CompileUtf8File(cx, options, file);
@@ -701,9 +699,7 @@ static bool ProcessUtf8Line(AutoJSAPI& jsapi, const char* buffer,
                             int startline) {
   JSContext* cx = jsapi.cx();
   JS::CompileOptions options(cx);
-  options.setFileAndLine("typein", startline)
-      .setIsRunOnce(true)
-      .setSkipFilenameValidation(true);
+  options.setFileAndLine("typein", startline).setIsRunOnce(true);
 
   JS::SourceText<mozilla::Utf8Unit> srcBuf;
   if (!srcBuf.init(cx, buffer, strlen(buffer), JS::SourceOwnership::Borrowed)) {
@@ -773,8 +769,7 @@ static bool ProcessFile(AutoJSAPI& jsapi, const char* filename, FILE* file,
     JS::CompileOptions options(cx);
     options.setFileAndLine(filename, 1)
         .setIsRunOnce(true)
-        .setNoScriptRval(true)
-        .setSkipFilenameValidation(true);
+        .setNoScriptRval(true);
     script = JS::CompileUtf8File(cx, options, file);
     if (!script) {
       return false;
@@ -991,7 +986,6 @@ static bool ProcessArgs(AutoJSAPI& jsapi, char** argv, int argc,
         }
 
         JS::CompileOptions opts(cx);
-        opts.setSkipFilenameValidation(true);
         opts.setFileAndLine("-e", 1);
 
         JS::SourceText<mozilla::Utf8Unit> srcBuf;

js/xpconnect/src/nsXPConnect.cpp

@@ -783,8 +783,7 @@ nsXPConnect::EvalInSandboxObject(const nsAString& source, const char* filename,
   } else {
     filenameStr = NS_LITERAL_CSTRING("x-bogus://XPConnect/Sandbox");
   }
-  return EvalInSandbox(cx, sandbox, source, filenameStr, 1,
-                       /* enforceFilenameRestrictions */ true, rval);
+  return EvalInSandbox(cx, sandbox, source, filenameStr, 1, rval);
 }
 
 NS_IMETHODIMP

js/xpconnect/src/xpcprivate.h

@@ -2504,8 +2504,7 @@ nsresult CreateSandboxObject(JSContext* cx, JS::MutableHandleValue vp,
 // principal and line number 1 as a fallback.
 nsresult EvalInSandbox(JSContext* cx, JS::HandleObject sandbox,
                        const nsAString& source, const nsACString& filename,
-                       int32_t lineNo, bool enforceFilenameRestrictions,
-                       JS::MutableHandleValue rval);
+                       int32_t lineNo, JS::MutableHandleValue rval);
 
 // Helper for retrieving metadata stored in a reserved slot. The metadata
 // is set during the sandbox creation using the "metadata" option.

modules/libpref/init/StaticPrefList.yaml

@@ -7352,13 +7352,6 @@
   value: 40
   mirror: always
 
-# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
-# not allowed for Firefox Desktop in firefox.js
-- name: security.allow_parent_unrestricted_js_loads
-  type: RelaxedAtomicBool
-  value: true
-  mirror: always
-
 # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
 # not allowed for Firefox Desktop in firefox.js
 - name: security.allow_eval_with_system_principal

netwerk/base/ProxyAutoConfig.cpp

@@ -728,7 +728,6 @@ nsresult ProxyAutoConfig::SetupJS() {
 
   auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
     JS::CompileOptions options(cx);
-    options.setSkipFilenameValidation(true);
     options.setFileAndLine(this->mPACURI.get(), 1);
 
     // Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,

testing/marionette/evaluate.js

@@ -135,14 +135,7 @@ evaluate.sandbox = function(
     marionetteSandbox.window.addEventListener("unload", unloadHandler);
 
     let promises = [
-      Cu.evalInSandbox(
-        src,
-        sb,
-        "1.8",
-        file,
-        line,
-        /* enforceFilenameRestrictions */ false
-      ),
+      Cu.evalInSandbox(src, sb, "1.8", file, line),
       timeoutPromise,
     ];
 

toolkit/components/telemetry/Events.yaml

@@ -1726,8 +1726,6 @@ security:
       Expected values are:
         chromeuri - chrome:// file
         resourceuri - resource:// file
-        datauri - a data URI
-        bloburi - a blob URI
         singlestring - A single file or string with no slashes
         mozillaextension - An extension claiming to be from *mozilla.org
         otherextension - Another extension not from Mozilla
@@ -1739,43 +1737,29 @@ security:
                               the value prepared as for sanitizedWindowsPath, or the bare scheme of
                               the original url
         other - Unknown
-        other-on-worker - We cannot do a regex; it is not a chrome, resource, data, or blob uri, but
+        other-on-worker - We cannot do a regex; it is not chromeuri or resourceuri, but
                           could be any other.
         regexfailure - Our Regex Matching code threw an error
       The fileinfo key may contain additional information about the file that caused the eval()
       depending on the above value. Resource, Chrome, and SingleString will contain the full value.
       Extensions will contain the full value; however .xpi! will be shortened to !,
-      shield.mozilla.org! to s! and mozilla.org! to m!.  Data, Blob, UserChromeJS, Other, and
-      Regexfailure should have no value.
+      shield.mozilla.org! to s! and mozilla.org! to m!.  UserChromeJS, Other, and Regexfailure should
+      have no value.
+    expiry_version: "never"
     notification_emails:
       - tom@mozilla.com
       - ckerschb@mozilla.com
     release_channel_collection: opt-out
     products:
       - firefox
+      - fennec
+      - geckoview
     expiry_version: "75"
     record_in_processes:
       - all
     extra_keys:
       fileinfo: Information about the file that triggered eval
-  javascriptLoad:
-    objects: ["parentProcess"]
-    bug_numbers:
-      - 1582512
-    description: >
-      The javascript engine requested to load a filename that was not allowed.
-      Expected values, and fileinfo key, are the same possible values as above in 'evalUsage'
-    notification_emails:
-      - tom@mozilla.com
-      - gijs@mozilla.com
-    release_channel_collection: opt-out
-    products:
-      - firefox
-    expiry_version: "77"
-    record_in_processes:
-      - main
-    extra_keys:
-      fileinfo: Information about the filename that was requested to be loaded
+
 
 # This data collection is intended for study-only collection
 # and is not meant to be enabled permanently on opt-in or opt-out.