mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-04 19:33:18 +00:00
Bug 1564527 - Enable AssertEvalNotUsingSystemPrincipal on Nightly builds r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D37460 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
c8af1a97a0
commit
0ca0f2dea1
@ -400,7 +400,7 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
||||
JSContext* cx, JS::HandleValue aValue) {
|
||||
MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext());
|
||||
|
||||
#if defined(DEBUG) && !defined(ANDROID)
|
||||
#if !defined(ANDROID) && (defined(NIGHTLY_BUILD) || defined(DEBUG))
|
||||
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(subjectPrincipal,
|
||||
cx);
|
||||
|
@ -31,7 +31,7 @@ nsresult CheckInternal(nsIContentSecurityPolicy* aCSP,
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
MOZ_ASSERT(aAllowed);
|
||||
|
||||
#if defined(DEBUG) && !defined(ANDROID)
|
||||
#if !defined(ANDROID) && (defined(NIGHTLY_BUILD) || defined(DEBUG))
|
||||
JSContext* cx = nsContentUtils::GetCurrentJSContext();
|
||||
nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(aSubjectPrincipal,
|
||||
cx);
|
||||
|
@ -173,6 +173,7 @@ void nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(
|
||||
|
||||
static StaticAutoPtr<nsTArray<nsCString>> sUrisAllowEval;
|
||||
JS::AutoFilename scriptFilename;
|
||||
nsAutoCString fileName;
|
||||
if (JS::DescribeScriptedCaller(cx, &scriptFilename)) {
|
||||
if (!sUrisAllowEval) {
|
||||
sUrisAllowEval = new nsTArray<nsCString>();
|
||||
@ -185,7 +186,6 @@ void nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(
|
||||
ClearOnShutdown(&sUrisAllowEval);
|
||||
}
|
||||
|
||||
nsAutoCString fileName;
|
||||
fileName = nsAutoCString(scriptFilename.get());
|
||||
// Extract file name alone if scriptFilename contains line number
|
||||
// separated by multiple space delimiters in few cases.
|
||||
@ -202,7 +202,8 @@ void nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(
|
||||
}
|
||||
}
|
||||
|
||||
MOZ_ASSERT(false, "do not use eval with system privileges");
|
||||
MOZ_CRASH_UNSAFE_PRINTF("do not use eval with system privileges: %s",
|
||||
fileName.get());
|
||||
}
|
||||
|
||||
/* static */
|
||||
|
Loading…
Reference in New Issue
Block a user