Bug 1490165 - CSP blocking function() must return an EvalError, r=ckerschb
authorAndrea Marchesini <amarchesini@mozilla.com>
Mon, 17 Sep 2018 17:53:10 +0200
changeset 436809 28025c893d7853142edd91840ea801b6f599b8be
parent 436808 ebcf49549e65feea89be2cc429b7ff8a4e59e509
child 436810 cc8df9e94e81b0dd6b9145469a84ff14ea1172e8
push id34660
push userbtara@mozilla.com
push dateMon, 17 Sep 2018 21:58:52 +0000
treeherdermozilla-central@87a95e1b7ec6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1490165
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1490165 - CSP blocking function() must return an EvalError, r=ckerschb
js/src/js.msg
testing/web-platform/meta/content-security-policy/inside-worker/dedicated-script.html.ini
testing/web-platform/meta/content-security-policy/inside-worker/shared-script.html.ini
--- a/js/src/js.msg
+++ b/js/src/js.msg
@@ -151,17 +151,17 @@ MSG_DEF(JSMSG_CALLER_IS_STRICT,        0
 MSG_DEF(JSMSG_DEPRECATED_USAGE,        1, JSEXN_REFERENCEERR, "deprecated {0} usage")
 MSG_DEF(JSMSG_NOT_SCRIPTED_FUNCTION,   1, JSEXN_TYPEERR, "{0} is not a scripted function")
 MSG_DEF(JSMSG_NO_REST_NAME,            0, JSEXN_SYNTAXERR, "no parameter name after ...")
 MSG_DEF(JSMSG_PARAMETER_AFTER_REST,    0, JSEXN_SYNTAXERR, "parameter after rest parameter")
 MSG_DEF(JSMSG_TOO_MANY_ARGUMENTS,      0, JSEXN_RANGEERR, "too many arguments provided for a function call")
 
 // CSP
 MSG_DEF(JSMSG_CSP_BLOCKED_EVAL,        0, JSEXN_EVALERR, "call to eval() blocked by CSP")
-MSG_DEF(JSMSG_CSP_BLOCKED_FUNCTION,    0, JSEXN_ERR, "call to Function() blocked by CSP")
+MSG_DEF(JSMSG_CSP_BLOCKED_FUNCTION,    0, JSEXN_EVALERR, "call to Function() blocked by CSP")
 
 // Wrappers
 MSG_DEF(JSMSG_ACCESSOR_DEF_DENIED,     1, JSEXN_ERR, "Permission denied to define accessor property {0}")
 MSG_DEF(JSMSG_DEAD_OBJECT,             0, JSEXN_TYPEERR, "can't access dead object")
 MSG_DEF(JSMSG_OBJECT_ACCESS_DENIED,    0, JSEXN_ERR, "Permission denied to access object")
 MSG_DEF(JSMSG_PROPERTY_ACCESS_DENIED,  1, JSEXN_ERR, "Permission denied to access property {0}")
 
 // JSAPI-only (Not thrown as JS exceptions)
--- a/testing/web-platform/meta/content-security-policy/inside-worker/dedicated-script.html.ini
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/dedicated-script.html.ini
@@ -1,29 +1,20 @@
 [dedicated-script.html]
   expected: ERROR
-  [`eval()` blocked in blob:]
-    expected: FAIL
-
   [`setTimeout([string\])` blocked in blob:]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Cross-origin `importScripts()` blocked in http:]
     expected: FAIL
 
   [Cross-origin `importScripts()` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20*)]
     expected: FAIL
 
   [Cross-origin `importScripts()` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20*)]
     expected: FAIL
 
   [`eval()` blocked in http:]
     expected: FAIL
 
   [`setTimeout([string\])` blocked in http:]
     expected: FAIL
 
-  [`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20*)]
-    expected: FAIL
-
-  [`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20*)]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/inside-worker/shared-script.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[shared-script.html]
-  [`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20%27self%27]
-    expected: FAIL
-
-  [`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20%27self%27]
-    expected: FAIL
-