Backed out 10 changesets (bug 1582512) for causing browser_preferences_usage.js to permafail CLOSED TREE

Backed out changeset a615a2c07523 (bug 1582512) Backed out changeset 7dd0266da0a1 (bug 1582512) Backed out changeset dfdefc6ede97 (bug 1582512) Backed out changeset 59db30e1915f (bug 1582512) Backed out changeset 1eb6f6b02149 (bug 1582512) Backed out changeset 391ed11326fb (bug 1582512) Backed out changeset 02865605c1c3 (bug 1582512) Backed out changeset 017582048986 (bug 1582512) Backed out changeset 1374c08302f9 (bug 1582512) Backed out changeset 40dd63b6910a (bug 1582512)
2025-04-03 21:22:47 +00:00 · 2019-12-02 19:23:12 +02:00 · 2019-12-02 19:23:12 +02:00 · e473bd5f57
commit e473bd5f57
parent 34bc485e5e
30 changed files with 67 additions and 349 deletions
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -516,8 +516,6 @@ pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
 pref("security.allow_eval_with_system_principal", false);
 pref("security.allow_eval_in_parent_process", false);
 pref("security.allow_parent_unrestricted_js_loads", false);
 #ifdef NIGHTLY_BUILD
  pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
 #else
--- a/devtools/client/shared/sourceeditor/test/browser_codemirror.js
+++ b/devtools/client/shared/sourceeditor/test/browser_codemirror.js
@ -29,8 +29,6 @@ async function test() {
    "privacy.resistFingerprinting.reduceTimerPrecision.microseconds",
    2000
  );
  // Needed for a loadFrameScript(data:) call in helper_codemirror_runner.js
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  const tab = await addTab(URI);
  runCodeMirrorTest(tab.linkedBrowser);
--- a/devtools/client/shared/sourceeditor/test/browser_vimemacs.js
+++ b/devtools/client/shared/sourceeditor/test/browser_vimemacs.js
@ -8,13 +8,11 @@ const URI =
  "/shared/sourceeditor/test/codemirror/vimemacs.html";
 loadHelperScript("helper_codemirror_runner.js");
-async function test() {
+function test() {
  requestLongerTimeout(4);
  waitForExplicitFinish();
-  // Needed for a loadFrameScript(data:) call in helper_codemirror_runner.js
+  addTab(URI).then(function(tab) {
-  await pushPref("security.allow_parent_unrestricted_js_loads", true);
+    runCodeMirrorTest(tab.linkedBrowser);
-
+  });
  const tab = await addTab(URI);
  runCodeMirrorTest(tab.linkedBrowser);
 }
--- a/devtools/client/shared/test/test-actor-registry.js
+++ b/devtools/client/shared/test/test-actor-registry.js
@ -12,7 +12,7 @@
  const { fetch } = require("devtools/shared/DevToolsUtils");
  const TEST_URL_ROOT =
-    "chrome://mochitests/content/browser/devtools/client/shared/test/";
+    "http://example.com/browser/devtools/client/shared/test/";
  const ACTOR_URL = TEST_URL_ROOT + "test-actor.js";
  // Register a test actor that can operate on the remote document
--- a/devtools/client/webconsole/test/browser/browser_console.js
+++ b/devtools/client/webconsole/test/browser/browser_console.js
@ -21,8 +21,6 @@ const TEST_IMAGE =
  "test/test-image.png";
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  await pushPref("devtools.browserconsole.contentMessages", true);
  await addTab(TEST_URI);
--- a/devtools/client/webconsole/test/browser/browser_console_chrome_context_message.js
+++ b/devtools/client/webconsole/test/browser/browser_console_chrome_context_message.js
@ -7,9 +7,6 @@
 "use strict";
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  // Show the content messages
  await pushPref("devtools.browserconsole.contentMessages", true);
--- a/devtools/client/webconsole/test/browser/browser_console_cpow.js
+++ b/devtools/client/webconsole/test/browser/browser_console_cpow.js
@ -12,9 +12,6 @@ const {
 } = require("devtools/client/framework/devtools-browser");
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  await addTab("about:blank");
  const hud = await BrowserConsoleManager.openBrowserConsoleOrFocus();
--- a/devtools/client/webconsole/test/browser/browser_console_dead_objects.js
+++ b/devtools/client/webconsole/test/browser/browser_console_dead_objects.js
@ -13,9 +13,6 @@
 "use strict";
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  const hud = await BrowserConsoleManager.toggleBrowserConsole();
  ok(hud, "browser console opened");
--- a/devtools/client/webconsole/test/browser/browser_console_jsterm_await.js
+++ b/devtools/client/webconsole/test/browser/browser_console_jsterm_await.js
@ -10,8 +10,6 @@ const TEST_URI =
  "data:text/html;charset=utf-8,Top-level await Browser Console test";
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  // Enable await mapping.
  await pushPref("devtools.debugger.features.map-await-expression", true);
--- a/devtools/client/webconsole/test/browser/browser_jsterm_await_error.js
+++ b/devtools/client/webconsole/test/browser/browser_jsterm_await_error.js
@ -9,9 +9,6 @@ const TEST_URI =
  "data:text/html;charset=utf-8,Web Console test failing top-level await";
 add_task(async function() {
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  // Enable await mapping.
  await pushPref("devtools.debugger.features.map-await-expression", true);
  const hud = await openNewTabAndConsole(TEST_URI);
--- a/devtools/client/webconsole/test/browser/browser_jsterm_hide_when_devtools_chrome_enabled_false.js
+++ b/devtools/client/webconsole/test/browser/browser_jsterm_hide_when_devtools_chrome_enabled_false.js
@ -26,9 +26,6 @@ requestLongerTimeout(2);
 add_task(async function() {
  let browserConsole, webConsole, objInspector;
  // Needed for the execute() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  // We don't use `pushPref()` because we need to revert the same pref later
  // in the test.
  Services.prefs.setBoolPref("devtools.chrome.enabled", true);
--- a/devtools/client/webconsole/test/browser/browser_toolbox_console_new_process.js
+++ b/devtools/client/webconsole/test/browser/browser_toolbox_console_new_process.js
@ -26,8 +26,6 @@ Services.scriptloader.loadSubScript(
 add_task(async function() {
  await pushPref("devtools.browsertoolbox.fission", true);
  // Needed for the invokeInTab() function below
  await pushPref("security.allow_parent_unrestricted_js_loads", true);
  await addTab(TEST_URI);
  const ToolboxTask = await initBrowserToolboxTask();
--- a/devtools/shared/test-helpers/browser_allocation_tracker.js
+++ b/devtools/shared/test-helpers/browser_allocation_tracker.js
@ -37,8 +37,7 @@ add_task(async function() {
    global,
    undefined,
    "test-file.js",
-    1,
+    1
    /* enforceFilenameRestrictions */ false
  );
  /* eslint-enable no-undef */
@ -59,14 +58,7 @@ add_task(async function() {
      ` + ${afterCreation - before} -> ${afterCreation})`
  );
-  Cu.evalInSandbox(
+  Cu.evalInSandbox("list = null;", global, undefined, "test-file.js", 7);
    "list = null;",
    global,
    undefined,
    "test-file.js",
    7,
    /* enforceFilenameRestrictions */ false
  );
  Cu.forceGC();
  Cu.forceCC();
--- a/devtools/shared/worker/tests/browser/browser_worker-01.js
+++ b/devtools/shared/worker/tests/browser/browser_worker-01.js
@ -20,10 +20,6 @@ const WORKER_DATA = (function() {
 const INTERVAL = 100;
 const DURATION = 1000;
 registerCleanupFunction(function() {
  Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
 });
 add_task(async function() {
  // Test both CJS and JSM versions
@ -35,11 +31,6 @@ add_task(async function() {
 });
 async function testWorker(context, workerFactory) {
  // Needed for blob:null
  Services.prefs.setBoolPref(
    "security.allow_parent_unrestricted_js_loads",
    true
  );
  const { DevToolsWorker, workerify } = workerFactory();
  const worker = new DevToolsWorker(WORKER_URL);
  const results = await worker.performTask("plotTimestampsGraph", {
@ -61,10 +52,6 @@ async function testWorker(context, workerFactory) {
 }
 async function testTransfer() {
  Services.prefs.setBoolPref(
    "security.allow_parent_unrestricted_js_loads",
    true
  );
  const { workerify } = ChromeUtils.import(
    "resource://devtools/shared/worker/worker.js"
  );
--- a/devtools/shared/worker/tests/browser/browser_worker-03.js
+++ b/devtools/shared/worker/tests/browser/browser_worker-03.js
@ -25,16 +25,7 @@ function squarePromiseReject(x) {
  return new Promise((_, reject) => reject("Nope"));
 }
 registerCleanupFunction(function() {
  Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
 });
 add_task(async function() {
  // Needed for blob:null
  Services.prefs.setBoolPref(
    "security.allow_parent_unrestricted_js_loads",
    true
  );
  let fn = workerify(square);
  is(await fn(5), 25, "return primitives successful");
  fn.destroy();
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@ -18,7 +18,6 @@
 #  include <wininet.h>
 #endif
 #include "mozilla/Logging.h"
 #include "mozilla/dom/Document.h"
 #include "mozilla/StaticPrefs_extensions.h"
@ -135,7 +134,7 @@ nsString OptimizeFileName(const nsAString& aFileName) {
 }
 /*
- * FilenameToFilenameType takes a fileName and returns a Pair of strings.
+ * FilenameToEvalType takes a fileName and returns a Pair of strings.
 * The First entry is a string indicating the type of fileName
 * The Second entry is a Maybe<string> that can contain additional details to
 * report.
@ -147,13 +146,11 @@ nsString OptimizeFileName(const nsAString& aFileName) {
 */
 /* static */
-FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
+FilenameType nsContentSecurityUtils::FilenameToEvalType(
    const nsString& fileName) {
  // These are strings because the Telemetry Events API only accepts strings
  static NS_NAMED_LITERAL_CSTRING(kChromeURI, "chromeuri");
  static NS_NAMED_LITERAL_CSTRING(kResourceURI, "resourceuri");
  static NS_NAMED_LITERAL_CSTRING(kBlobUri, "bloburi");
  static NS_NAMED_LITERAL_CSTRING(kDataUri, "dataurl");
  static NS_NAMED_LITERAL_CSTRING(kSingleString, "singlestring");
  static NS_NAMED_LITERAL_CSTRING(kMozillaExtension, "mozillaextension");
  static NS_NAMED_LITERAL_CSTRING(kOtherExtension, "otherextension");
@ -174,23 +171,15 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
  // resource:// and chrome://
  if (StringBeginsWith(fileName, NS_LITERAL_STRING("chrome://"))) {
-    return FilenameTypeAndDetails(kChromeURI, Some(fileName));
+    return FilenameType(kChromeURI, Some(fileName));
  }
  if (StringBeginsWith(fileName, NS_LITERAL_STRING("resource://"))) {
-    return FilenameTypeAndDetails(kResourceURI, Some(fileName));
+    return FilenameType(kResourceURI, Some(fileName));
  }
  // blob: and data:
  if (StringBeginsWith(fileName, NS_LITERAL_STRING("blob:"))) {
    return FilenameTypeAndDetails(kBlobUri, Nothing());
  }
  if (StringBeginsWith(fileName, NS_LITERAL_STRING("data:"))) {
    return FilenameTypeAndDetails(kDataUri, Nothing());
  }
  if (!NS_IsMainThread()) {
    // We can't do Regex matching off the main thread; so just report.
-    return FilenameTypeAndDetails(kOtherWorker, Nothing());
+    return FilenameType(kOtherWorker, Nothing());
  }
  // Extension
@ -199,7 +188,7 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
  nsresult rv = RegexEval(kExtensionRegex, fileName, /* aOnlyMatch = */ false,
                          regexMatch, &regexResults);
  if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
  }
  if (regexMatch) {
    nsCString type =
@ -208,27 +197,26 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
            : kOtherExtension;
    auto& extensionNameAndPath =
        Substring(regexResults[0], ArrayLength("extensions/") - 1);
-    return FilenameTypeAndDetails(type,
+    return FilenameType(type, Some(OptimizeFileName(extensionNameAndPath)));
                                  Some(OptimizeFileName(extensionNameAndPath)));
  }
  // Single File
  rv = RegexEval(kSingleFileRegex, fileName, /* aOnlyMatch = */ true,
                 regexMatch);
  if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
  }
  if (regexMatch) {
-    return FilenameTypeAndDetails(kSingleString, Some(fileName));
+    return FilenameType(kSingleString, Some(fileName));
  }
  // Suspected userChromeJS script
  rv = RegexEval(kUCJSRegex, fileName, /* aOnlyMatch = */ true, regexMatch);
  if (NS_FAILED(rv)) {
-    return FilenameTypeAndDetails(kRegexFailure, Nothing());
+    return FilenameType(kRegexFailure, Nothing());
  }
  if (regexMatch) {
-    return FilenameTypeAndDetails(kSuspectedUserChromeJS, Nothing());
+    return FilenameType(kSuspectedUserChromeJS, Nothing());
  }
 #if defined(XP_WIN)
@ -248,16 +236,14 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
        sanitizedPathAndScheme.Append(NS_LITERAL_STRING("://.../"));
        sanitizedPathAndScheme.Append(strSanitizedPath);
      }
-      return FilenameTypeAndDetails(kSanitizedWindowsURL,
+      return FilenameType(kSanitizedWindowsURL, Some(sanitizedPathAndScheme));
                                    Some(sanitizedPathAndScheme));
    } else {
-      return FilenameTypeAndDetails(kSanitizedWindowsPath,
+      return FilenameType(kSanitizedWindowsPath, Some(strSanitizedPath));
                                    Some(strSanitizedPath));
    }
  }
 #endif
-  return FilenameTypeAndDetails(kOther, Nothing());
+  return FilenameType(kOther, Nothing());
 }
 class EvalUsageNotificationRunnable final : public Runnable {
@ -475,13 +461,12 @@ void nsContentSecurityUtils::NotifyEvalUsage(bool aIsSystemPrincipal,
      aIsSystemPrincipal ? Telemetry::EventID::Security_Evalusage_Systemcontext
                         : Telemetry::EventID::Security_Evalusage_Parentprocess;
-  FilenameTypeAndDetails fileNameTypeAndDetails =
+  FilenameType fileNameType = FilenameToEvalType(aFileNameA);
      FilenameToFilenameType(aFileNameA);
  mozilla::Maybe<nsTArray<EventExtraEntry>> extra;
-  if (fileNameTypeAndDetails.second().isSome()) {
+  if (fileNameType.second().isSome()) {
    extra = Some<nsTArray<EventExtraEntry>>({EventExtraEntry{
        NS_LITERAL_CSTRING("fileinfo"),
-        NS_ConvertUTF16toUTF8(fileNameTypeAndDetails.second().value())}});
+        NS_ConvertUTF16toUTF8(fileNameType.second().value())}});
  } else {
    extra = Nothing();
  }
@ -489,8 +474,7 @@ void nsContentSecurityUtils::NotifyEvalUsage(bool aIsSystemPrincipal,
    sTelemetryEventEnabled = true;
    Telemetry::SetEventRecordingEnabled(NS_LITERAL_CSTRING("security"), true);
  }
-  Telemetry::RecordEvent(eventType,
+  Telemetry::RecordEvent(eventType, mozilla::Some(fileNameType.first()), extra);
                         mozilla::Some(fileNameTypeAndDetails.first()), extra);
  // Report an error to console
  nsCOMPtr<nsIConsoleService> console(
@ -692,101 +676,3 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
             "about: page must not contain a CSP including 'unsafe-inline'");
 }
 #endif
 /* static */
 bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
                                                    bool aIsSystemRealm) {
  // If the pref is permissive, allow everything
  if (StaticPrefs::security_allow_parent_unrestricted_js_loads()) {
    return true;
  }
  // If we're not in the parent process allow everything (presently)
  if (!XRE_IsE10sParentProcess()) {
    return true;
  }
  // We only perform a check of this preference on the Main Thread
  // (because a String-based preference check is only safe on Main Thread.)
  // The consequence of this is that if a user is using userChromeJS _and_
  // the scripts they use start a worker - we will enter this function,
  // skip over this pref check that would normally cause us to allow the
  // load - and we will block it.
  // While not ideal, we do not officially support userChromeJS, and hopefully
  // the usage of workers is even lower than userChromeJS usage.
  if (NS_IsMainThread()) {
    // This preference is a file used for autoconfiguration of Firefox
    // by administrators. It has also been (ab)used by the userChromeJS
    // project to run legacy-style 'extensions', some of which use eval,
    // all of which run in the System Principal context.
    nsAutoString jsConfigPref;
    Preferences::GetString("general.config.filename", jsConfigPref);
    if (!jsConfigPref.IsEmpty()) {
      MOZ_LOG(sCSMLog, LogLevel::Debug,
              ("Allowing a javascript load of %s because "
               "general.config.filename is set",
               aFilename));
      return true;
    }
  }
  if (XRE_IsE10sParentProcess() &&
      !StaticPrefs::extensions_webextensions_remote()) {
    MOZ_LOG(sCSMLog, LogLevel::Debug,
            ("Allowing a javascript load of %s because the web extension "
             "process is disabled.",
             aFilename));
    return true;
  }
  NS_ConvertUTF8toUTF16 filenameU(aFilename);
  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
    // If it's a chrome:// url, allow it
    return true;
  }
  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("resource://"))) {
    // If it's a resource:// url, allow it
    return true;
  }
  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("file://"))) {
    // We will temporarily allow all file:// URIs through for now
    return true;
  }
  if (StringBeginsWith(filenameU, NS_LITERAL_STRING("jar:file://"))) {
    // We will temporarily allow all jar URIs through for now
    return true;
  }
  // Log to MOZ_LOG
  MOZ_LOG(sCSMLog, LogLevel::Info,
          ("ValidateScriptFilename System:%i %s\n", (aIsSystemRealm ? 1 : 0),
           aFilename));
  // Send Telemetry
  FilenameTypeAndDetails fileNameTypeAndDetails =
      FilenameToFilenameType(filenameU);
  Telemetry::EventID eventType =
      Telemetry::EventID::Security_Javascriptload_Parentprocess;
  mozilla::Maybe<nsTArray<EventExtraEntry>> extra;
  if (fileNameTypeAndDetails.second().isSome()) {
    extra = Some<nsTArray<EventExtraEntry>>({EventExtraEntry{
        NS_LITERAL_CSTRING("fileinfo"),
        NS_ConvertUTF16toUTF8(fileNameTypeAndDetails.second().value())}});
  } else {
    extra = Nothing();
  }
  if (!sTelemetryEventEnabled.exchange(true)) {
    sTelemetryEventEnabled = true;
    Telemetry::SetEventRecordingEnabled(NS_LITERAL_CSTRING("security"), true);
  }
  Telemetry::RecordEvent(eventType,
                         mozilla::Some(fileNameTypeAndDetails.first()), extra);
  // Presently we are not enforcing any restrictions for the script filename,
  // we're only reporting Telemetry. In the future we will assert in debug
  // builds and return false to prevent execution in non-debug builds.
  return true;
 }
--- a/dom/security/nsContentSecurityUtils.h
+++ b/dom/security/nsContentSecurityUtils.h
@ -18,12 +18,11 @@ class Document;
 }  // namespace dom
 }  // namespace mozilla
-typedef mozilla::Pair<nsCString, mozilla::Maybe<nsString>>
+typedef mozilla::Pair<nsCString, mozilla::Maybe<nsString>> FilenameType;
    FilenameTypeAndDetails;
 class nsContentSecurityUtils {
 public:
-  static FilenameTypeAndDetails FilenameToFilenameType(const nsString& fileName);
+  static FilenameType FilenameToEvalType(const nsString& fileName);
  static bool IsEvalAllowed(JSContext* cx, bool aIsSystemPrincipal,
                            const nsAString& aScript);
  static void NotifyEvalUsage(bool aIsSystemPrincipal,
@ -39,9 +38,6 @@ class nsContentSecurityUtils {
 #if defined(DEBUG)
  static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
 #endif
  static bool ValidateScriptFilename(const char* aFilename,
                                     bool aIsSystemRealm);
 };
 #endif /* nsContentSecurityUtils_h___ */
--- a/dom/security/test/gtest/TestFilenameEvalParser.cpp
+++ b/dom/security/test/gtest/TestFilenameEvalParser.cpp
@ -14,8 +14,6 @@
 static NS_NAMED_LITERAL_CSTRING(kChromeURI, "chromeuri");
 static NS_NAMED_LITERAL_CSTRING(kResourceURI, "resourceuri");
 static NS_NAMED_LITERAL_CSTRING(kBlobUri, "bloburi");
 static NS_NAMED_LITERAL_CSTRING(kDataUri, "dataurl");
 static NS_NAMED_LITERAL_CSTRING(kSingleString, "singlestring");
 static NS_NAMED_LITERAL_CSTRING(kMozillaExtension, "mozillaextension");
 static NS_NAMED_LITERAL_CSTRING(kOtherExtension, "otherextension");
@ -34,48 +32,18 @@ TEST(FilenameEvalParser, ResourceChrome)
 {
  {
    NS_NAMED_LITERAL_STRING(str, "chrome://firegestures/content/browser.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kChromeURI && ret.second().isSome() &&
                ret.second().value() == str);
  }
  {
    NS_NAMED_LITERAL_STRING(str, "resource://firegestures/content/browser.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kResourceURI && ret.second().isSome() &&
                ret.second().value() == str);
  }
 }
 TEST(FilenameEvalParser, BlobData)
 {
  {
    NS_NAMED_LITERAL_STRING(str, "blob://000-000");
    FilenameTypeAndDetails ret =
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kBlobUri && !ret.second().isSome());
  }
  {
    NS_NAMED_LITERAL_STRING(str, "blob:000-000");
    FilenameTypeAndDetails ret =
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kBlobUri && !ret.second().isSome());
  }
  {
    NS_NAMED_LITERAL_STRING(str, "data://blahblahblah");
    FilenameTypeAndDetails ret =
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kDataUri && !ret.second().isSome());
  }
  {
    NS_NAMED_LITERAL_STRING(str, "data:blahblahblah");
    FilenameTypeAndDetails ret =
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kDataUri && !ret.second().isSome());
  }
 }
 TEST(FilenameEvalParser, MozExtension)
 {
  {  // Test shield.mozilla.org replacing
@ -84,8 +52,7 @@ TEST(FilenameEvalParser, MozExtension)
        "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
        "extensions/federated-learning@shield.mozilla.org.xpi!/experiments/"
        "study/api.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kMozillaExtension &&
                ret.second().value() ==
                    NS_LITERAL_STRING(
@ -97,8 +64,7 @@ TEST(FilenameEvalParser, MozExtension)
        "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
        "extensions/federated-learning@shigeld.mozilla.org.xpi!/experiments/"
        "study/api.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(
        ret.first() == kMozillaExtension &&
        ret.second().value() ==
@ -111,8 +77,7 @@ TEST(FilenameEvalParser, MozExtension)
        "jar:file:///c:/users/bob/appdata/roaming/mozilla/firefox/profiles/foo/"
        "extensions/federated-learning@shigeld.mozilla.org.xpi!/experiments/"
        "study/apiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(
        ret.first() == kMozillaExtension &&
        ret.second().value() ==
@ -125,23 +90,20 @@ TEST(FilenameEvalParser, UserChromeJS)
 {
  {
    NS_NAMED_LITERAL_STRING(str, "firegestures/content/browser.uc.js");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                !ret.second().isSome());
  }
  {
    NS_NAMED_LITERAL_STRING(str, "firegestures/content/browser.uc.js?");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                !ret.second().isSome());
  }
  {
    nsLiteralString str =
        NS_LITERAL_STRING("firegestures/content/browser.uc.js?243244224");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                !ret.second().isSome());
  }
@ -150,8 +112,7 @@ TEST(FilenameEvalParser, UserChromeJS)
        str,
        "file:///b:/fxprofiles/mark/chrome/"
        "addbookmarkherewithmiddleclick.uc.js?1558444389291");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSuspectedUserChromeJS &&
                !ret.second().isSome());
  }
@ -161,15 +122,13 @@ TEST(FilenameEvalParser, SingleFile)
 {
  {
    NS_NAMED_LITERAL_STRING(str, "browser.uc.js?2456");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSingleString && ret.second().isSome() &&
                ret.second().value() == str);
  }
  {
    NS_NAMED_LITERAL_STRING(str, "debugger");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kSingleString && ret.second().isSome() &&
                ret.second().value() == str);
  }
@ -179,14 +138,12 @@ TEST(FilenameEvalParser, Other)
 {
  {
    NS_NAMED_LITERAL_STRING(str, "firegestures--content");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
    ASSERT_TRUE(ret.first() == kOther && !ret.second().isSome());
  }
  {
    NS_NAMED_LITERAL_STRING(str, "gallop://thing/fire");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                ret.second().value() == NS_LITERAL_STRING("gallop"));
@ -196,8 +153,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "gallop://fire");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                ret.second().value() == NS_LITERAL_STRING("gallop"));
@ -207,8 +163,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "firegestures/content");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                ret.second().value() == NS_LITERAL_STRING("content"));
@ -218,8 +173,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "firegestures\\content");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                ret.second().value() == NS_LITERAL_STRING("content"));
@ -229,8 +183,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "/home/tom/files/thing");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                ret.second().value() == NS_LITERAL_STRING("thing"));
@ -240,8 +193,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "file://c/uers/tom/file.txt");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                ret.second().value() ==
@ -252,8 +204,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "c:/uers/tom/file.txt");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsPath &&
                ret.second().value() == NS_LITERAL_STRING("file.txt"));
@ -263,8 +214,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "http://example.com/");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                ret.second().value() == NS_LITERAL_STRING("http"));
@ -274,8 +224,7 @@ TEST(FilenameEvalParser, Other)
  }
  {
    NS_NAMED_LITERAL_STRING(str, "http://example.com/thing.html");
-    FilenameTypeAndDetails ret =
+    FilenameType ret = nsContentSecurityUtils::FilenameToEvalType(str);
        nsContentSecurityUtils::FilenameToFilenameType(str);
 #if defined(XP_WIN)
    ASSERT_TRUE(ret.first() == kSanitizedWindowsURL &&
                ret.second().value() == NS_LITERAL_STRING("http"));
--- a/js/src/debugger/Frame.cpp
+++ b/js/src/debugger/Frame.cpp
@ -861,12 +861,7 @@ static bool EvaluateInEnv(JSContext* cx, Handle<Env*> env,
  options.setIsRunOnce(true)
      .setNoScriptRval(false)
      .setFileAndLine(filename, lineno)
-      .setIntroductionType("debugger eval")
+      .setIntroductionType("debugger eval");
      /* Do not perform the Javascript filename validation security check for
       * javascript executions sent through the debugger. Besides making up
       * a filename for these codepaths, we must allow arbitrary JS execution
       * for the Browser toolbox to function. */
      .setSkipFilenameValidation(true);
  if (frame && frame.hasScript() && frame.script()->strict()) {
    options.setForceStrictMode();
--- a/js/xpconnect/idl/xpccomponents.idl
+++ b/js/xpconnect/idl/xpccomponents.idl
@ -136,8 +136,7 @@ interface nsIXPCComponents_Utils : nsISupports
    jsval evalInSandbox(in AString source, in jsval sandbox,
                        [optional] in jsval version,
                        [optional] in AUTF8String filename,
-                        [optional] in long lineNo,
+                        [optional] in long lineNo);
                        [optional] in bool enforceFilenameRestrictions);
    /*
     * Get the sandbox for running JS-implemented UA widgets (video controls etc.),
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@ -1881,8 +1881,7 @@ nsresult nsXPCComponents_utils_Sandbox::CallOrConstruct(
 nsresult xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg,
                            const nsAString& source, const nsACString& filename,
-                            int32_t lineNo, bool enforceFilenameRestrictions,
+                            int32_t lineNo, MutableHandleValue rval) {
                            MutableHandleValue rval) {
  JS_AbortIfWrongThread(cx);
  rval.set(UndefinedValue());
@ -1924,7 +1923,6 @@ nsresult xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg,
    JS::CompileOptions options(sandcx);
    options.setFileAndLine(filenameBuf.get(), lineNo);
    options.setSkipFilenameValidation(!enforceFilenameRestrictions);
    MOZ_ASSERT(JS_IsGlobalObject(sandbox));
    const nsPromiseFlatString& flat = PromiseFlatString(source);
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@ -1448,9 +1448,8 @@ nsXPCComponents_Utils::ReportError(HandleValue error, HandleValue stack,
 NS_IMETHODIMP
 nsXPCComponents_Utils::EvalInSandbox(
    const nsAString& source, HandleValue sandboxVal, HandleValue version,
-    const nsACString& filenameArg, int32_t lineNumber,
+    const nsACString& filenameArg, int32_t lineNumber, JSContext* cx,
-    bool enforceFilenameRestrictions, JSContext* cx, uint8_t optionalArgc,
+    uint8_t optionalArgc, MutableHandleValue retval) {
    MutableHandleValue retval) {
  RootedObject sandbox(cx);
  if (!JS_ValueToObject(cx, sandboxVal, &sandbox) || !sandbox) {
    return NS_ERROR_INVALID_ARG;
@ -1473,11 +1472,8 @@ nsXPCComponents_Utils::EvalInSandbox(
      lineNo = frame->GetLineNumber(cx);
    }
  }
  enforceFilenameRestrictions =
      (optionalArgc >= 4) ? enforceFilenameRestrictions : true;
-  return xpc::EvalInSandbox(cx, sandbox, source, filename, lineNo,
+  return xpc::EvalInSandbox(cx, sandbox, source, filename, lineNo, retval);
                            enforceFilenameRestrictions, retval);
 }
 NS_IMETHODIMP
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@ -20,7 +20,6 @@
 #include "mozJSComponentLoader.h"
 #include "nsAutoPtr.h"
 #include "nsNetUtil.h"
 #include "nsContentSecurityUtils.h"
 #include "nsExceptionHandler.h"
 #include "nsIMemoryInfoDumper.h"
@ -3073,10 +3072,6 @@ void XPCJSRuntime::Initialize(JSContext* cx) {
  JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
                                       this);
  JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
  if (XRE_IsE10sParentProcess()) {
    JS::SetFilenameValidationCallback(
        nsContentSecurityUtils::ValidateScriptFilename);
  }
  js::SetPreserveWrapperCallback(cx, PreserveWrapper);
  JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
  JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@ -366,9 +366,7 @@ static bool Load(JSContext* cx, unsigned argc, Value* vp) {
      return false;
    }
    JS::CompileOptions options(cx);
-    options.setFileAndLine(filename.get(), 1)
+    options.setFileAndLine(filename.get(), 1).setIsRunOnce(true);
        .setIsRunOnce(true)
        .setSkipFilenameValidation(true);
    JS::Rooted<JSScript*> script(cx);
    JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));
    script = JS::CompileUtf8File(cx, options, file);
@ -701,9 +699,7 @@ static bool ProcessUtf8Line(AutoJSAPI& jsapi, const char* buffer,
                            int startline) {
  JSContext* cx = jsapi.cx();
  JS::CompileOptions options(cx);
-  options.setFileAndLine("typein", startline)
+  options.setFileAndLine("typein", startline).setIsRunOnce(true);
      .setIsRunOnce(true)
      .setSkipFilenameValidation(true);
  JS::SourceText<mozilla::Utf8Unit> srcBuf;
  if (!srcBuf.init(cx, buffer, strlen(buffer), JS::SourceOwnership::Borrowed)) {
@ -773,8 +769,7 @@ static bool ProcessFile(AutoJSAPI& jsapi, const char* filename, FILE* file,
    JS::CompileOptions options(cx);
    options.setFileAndLine(filename, 1)
        .setIsRunOnce(true)
-        .setNoScriptRval(true)
+        .setNoScriptRval(true);
        .setSkipFilenameValidation(true);
    script = JS::CompileUtf8File(cx, options, file);
    if (!script) {
      return false;
@ -991,7 +986,6 @@ static bool ProcessArgs(AutoJSAPI& jsapi, char** argv, int argc,
        }
        JS::CompileOptions opts(cx);
        opts.setSkipFilenameValidation(true);
        opts.setFileAndLine("-e", 1);
        JS::SourceText<mozilla::Utf8Unit> srcBuf;
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@ -783,8 +783,7 @@ nsXPConnect::EvalInSandboxObject(const nsAString& source, const char* filename,
  } else {
    filenameStr = NS_LITERAL_CSTRING("x-bogus://XPConnect/Sandbox");
  }
-  return EvalInSandbox(cx, sandbox, source, filenameStr, 1,
+  return EvalInSandbox(cx, sandbox, source, filenameStr, 1, rval);
                       /* enforceFilenameRestrictions */ true, rval);
 }
 NS_IMETHODIMP
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@ -2504,8 +2504,7 @@ nsresult CreateSandboxObject(JSContext* cx, JS::MutableHandleValue vp,
 // principal and line number 1 as a fallback.
 nsresult EvalInSandbox(JSContext* cx, JS::HandleObject sandbox,
                       const nsAString& source, const nsACString& filename,
-                       int32_t lineNo, bool enforceFilenameRestrictions,
+                       int32_t lineNo, JS::MutableHandleValue rval);
                       JS::MutableHandleValue rval);
 // Helper for retrieving metadata stored in a reserved slot. The metadata
 // is set during the sandbox creation using the "metadata" option.
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -7352,13 +7352,6 @@
  value: 40
  mirror: always
 # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
 # not allowed for Firefox Desktop in firefox.js
 - name: security.allow_parent_unrestricted_js_loads
  type: RelaxedAtomicBool
  value: true
  mirror: always
 # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
 # not allowed for Firefox Desktop in firefox.js
 - name: security.allow_eval_with_system_principal
--- a/netwerk/base/ProxyAutoConfig.cpp
+++ b/netwerk/base/ProxyAutoConfig.cpp
@ -728,7 +728,6 @@ nsresult ProxyAutoConfig::SetupJS() {
  auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
    JS::CompileOptions options(cx);
    options.setSkipFilenameValidation(true);
    options.setFileAndLine(this->mPACURI.get(), 1);
    // Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,
--- a/testing/marionette/evaluate.js
+++ b/testing/marionette/evaluate.js
@ -135,14 +135,7 @@ evaluate.sandbox = function(
    marionetteSandbox.window.addEventListener("unload", unloadHandler);
    let promises = [
-      Cu.evalInSandbox(
+      Cu.evalInSandbox(src, sb, "1.8", file, line),
        src,
        sb,
        "1.8",
        file,
        line,
        /* enforceFilenameRestrictions */ false
      ),
      timeoutPromise,
    ];
--- a/toolkit/components/telemetry/Events.yaml
+++ b/toolkit/components/telemetry/Events.yaml
@ -1726,8 +1726,6 @@ security:
      Expected values are:
        chromeuri - chrome:// file
        resourceuri - resource:// file
        datauri - a data URI
        bloburi - a blob URI
        singlestring - A single file or string with no slashes
        mozillaextension - An extension claiming to be from *mozilla.org
        otherextension - Another extension not from Mozilla
@ -1739,43 +1737,29 @@ security:
                              the value prepared as for sanitizedWindowsPath, or the bare scheme of
                              the original url
        other - Unknown
-        other-on-worker - We cannot do a regex; it is not a chrome, resource, data, or blob uri, but
+        other-on-worker - We cannot do a regex; it is not chromeuri or resourceuri, but
                          could be any other.
        regexfailure - Our Regex Matching code threw an error
      The fileinfo key may contain additional information about the file that caused the eval()
      depending on the above value. Resource, Chrome, and SingleString will contain the full value.
      Extensions will contain the full value; however .xpi! will be shortened to !,
-      shield.mozilla.org! to s! and mozilla.org! to m!.  Data, Blob, UserChromeJS, Other, and
+      shield.mozilla.org! to s! and mozilla.org! to m!.  UserChromeJS, Other, and Regexfailure should
-      Regexfailure should have no value.
+      have no value.
    expiry_version: "never"
    notification_emails:
      - tom@mozilla.com
      - ckerschb@mozilla.com
    release_channel_collection: opt-out
    products:
      - firefox
      - fennec
      - geckoview
    expiry_version: "75"
    record_in_processes:
      - all
    extra_keys:
      fileinfo: Information about the file that triggered eval
-  javascriptLoad:
+
    objects: ["parentProcess"]
    bug_numbers:
      - 1582512
    description: >
      The javascript engine requested to load a filename that was not allowed.
      Expected values, and fileinfo key, are the same possible values as above in 'evalUsage'
    notification_emails:
      - tom@mozilla.com
      - gijs@mozilla.com
    release_channel_collection: opt-out
    products:
      - firefox
    expiry_version: "77"
    record_in_processes:
      - main
    extra_keys:
      fileinfo: Information about the filename that was requested to be loaded
 # This data collection is intended for study-only collection
 # and is not meant to be enabled permanently on opt-in or opt-out.