Bug 1549326 - Remove simpletest.js from eval()-whitelist, r=ckerschb
☠☠ backed out by cefcbfd25b82 ☠ ☠
authorJonas Allmann <jallmann@mozilla.com>
Thu, 09 May 2019 16:02:49 +0000
changeset 535133 e925cef1cadfa7dc2dff699ae3d980a11705196c
parent 535132 98989127264bd94ee0030809e1a9019832198a8f
child 535134 763d3da981174de750c7caf1d19bdff73c864f25
push id2082
push userffxbld-merge
push dateMon, 01 Jul 2019 08:34:18 +0000
treeherdermozilla-release@2fb19d0466d2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1549326
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1549326 - Remove simpletest.js from eval()-whitelist, r=ckerschb Amend several test files for triggering eval() assertion through simpletest.js Differential Revision: https://phabricator.services.mozilla.com/D30474
dom/base/test/chrome/cpows_parent.xul
dom/base/test/chrome/file_bug1139964.xul
dom/base/test/chrome/file_bug1209621.xul
dom/base/test/chrome/file_bug549682.xul
dom/base/test/chrome/file_bug616841.xul
dom/base/test/chrome/file_bug816340.xul
dom/base/test/chrome/file_bug990812-1.xul
dom/base/test/chrome/file_bug990812-2.xul
dom/base/test/chrome/file_bug990812-3.xul
dom/base/test/chrome/file_bug990812-4.xul
dom/base/test/chrome/file_bug990812-5.xul
dom/messagechannel/tests/mm_messageChannelParent.js
js/xpconnect/tests/chrome/file_bug618176.xul
layout/base/tests/chrome/test_bug1018265.xul
modules/libpref/init/all.js
--- a/dom/base/test/chrome/cpows_parent.xul
+++ b/dom/base/test/chrome/cpows_parent.xul
@@ -505,16 +505,16 @@
       BrowserTestUtils.loadURI(browser, "http://mochi.test:8888/tests/dom/base/test/chrome/cpows_child.html");
       await BrowserTestUtils.browserLoaded(browser);
 
       run_tests('remote');
     }
 
     function finish() {
       ok(gReceivedErrorProbe, "Should have reported error probe");
-      opener.setTimeout("done()", 0);
+      opener.setTimeout(function() { this.done(); }, 0);
       window.close();
     }
   ]]></script>
 
   <browser type="content" src="about:blank" id="cpowbrowser_remote" remote="true"/>
   <browser type="content" src="about:blank" id="cpowbrowser_inprocess"/>
 </window>
--- a/dom/base/test/chrome/file_bug1139964.xul
+++ b/dom/base/test/chrome/file_bug1139964.xul
@@ -39,17 +39,17 @@ https://bugzilla.mozilla.org/show_bug.cg
   }
 
   function tabListener(m) {
     messageManager.removeMessageListener(msgName, tabListener);
     ok(m.data.hasPromise, "BrowserChildGlobal should have Promise object in the global scope!");
     ok(m.data.hasTextEncoder, "BrowserChildGlobal should have TextEncoder object in the global scope!");
     ok(m.data.hasWindow, "BrowserChildGlobal should have Window object in the global scope!");
 
-    opener.setTimeout("done()", 0);
+    opener.setTimeout(function() { this.done(); }, 0);
     window.close();
   }
 
   function run() {
     ppm.addMessageListener(msgName, processListener)
     ppm.loadProcessScript("data:,(" + mmScriptForPromiseTest.toString() + ")()", true);
   }
 
--- a/dom/base/test/chrome/file_bug1209621.xul
+++ b/dom/base/test/chrome/file_bug1209621.xul
@@ -59,17 +59,17 @@ https://bugzilla.mozilla.org/show_bug.cg
     remote2.setAttribute("primary", "true");
     var tp2 = remote2.frameLoader.remoteTab;
     ok(tp2, "Remote browsers should have a remoteTab.");
     is(treeOwner.primaryRemoteTab, tp2,
        "primary remote browser should be the primaryRemoteTab.");
     is(treeOwner.primaryContentShell, null,
        "There shouldn't be primaryContentShell because no browser has primary=true.");
 
-    opener.setTimeout("done()", 0);
+    opener.setTimeout(function() { this.done(); }, 0);
     window.close();
   }
 
   ]]></script>
   <browser type="content" src="about:blank" id="inprocess"/>
   <browser type="content" remote="true" src="about:blank" id="remote"/>
   <browser type="content" remote="true" src="about:blank" id="remote2"/>
 </window>
--- a/dom/base/test/chrome/file_bug549682.xul
+++ b/dom/base/test/chrome/file_bug549682.xul
@@ -114,17 +114,17 @@ https://bugzilla.mozilla.org/show_bug.cg
   };
 
   function weakDoneListener() {
     ok(weakMessageReceived, 'Got "weak" message.');
     finish();
   }
 
   function finish() {
-    opener.setTimeout("done()", 0);
+    opener.setTimeout(function() { this.done(); }, 0);
     var i = document.getElementById("ifr");
     i.remove(); // This is a crash test!
     window.close();
   }
 
   function loadScript() {
     // Async should be processed first!
     messageManager.loadFrameScript("data:,\
--- a/dom/base/test/chrome/file_bug616841.xul
+++ b/dom/base/test/chrome/file_bug616841.xul
@@ -48,16 +48,16 @@ https://bugzilla.mozilla.org/show_bug.cg
 
     function start() {
       messageManager.addMessageListener("contentReady", recvContentReady);
       messageManager.addMessageListener("cmp", recvCmp);
       messageManager.loadFrameScript(FRAME_SCRIPT, true);
     }
 
     function finish() {
-      opener.setTimeout("done()", 0);
+      opener.setTimeout(function() { this.done(); }, 0);
       window.close();
     }
 
   ]]></script>
 
   <browser id="browser" type="content" src="about:blank"/>
 </window>
--- a/dom/base/test/chrome/file_bug816340.xul
+++ b/dom/base/test/chrome/file_bug816340.xul
@@ -55,16 +55,16 @@ https://bugzilla.mozilla.org/show_bug.cg
       testElement("div", false, true);
       testElement("div", true, true);
 
       for (var i = 0; i < elems.length; ++i) {
         testElement(elems[i], false, true);
         testElement(elems[i], true, false);
       }
       ok(true, "done");
-      opener.setTimeout("done()", 0);
+      opener.setTimeout(function() { this.done(); }, 0);
       window.close();
     }
 
   ]]></script>
 
   <browser id="browser" type="content" src="about:blank"/>
 </window>
--- a/dom/base/test/chrome/file_bug990812-1.xul
+++ b/dom/base/test/chrome/file_bug990812-1.xul
@@ -35,17 +35,17 @@ https://bugzilla.mozilla.org/show_bug.cg
 
       var order = ["global", "window", "group"];
 
       messageManager.addMessageListener("test", function onMessage(msg) {
         var next = order.shift();
         opener.wrappedJSObject.is(msg.data, next, "received test:" + next);
 
         if (order.length == 0) {
-          opener.setTimeout("next()");
+          opener.setTimeout(function() { this.next(); });
           window.close();
         }
       });
 
       var browser = document.createElement("browser");
       browser.setAttribute("messagemanagergroup", "test");
       browser.setAttribute("src", "about:mozilla");
       browser.setAttribute("type", "content");
--- a/dom/base/test/chrome/file_bug990812-2.xul
+++ b/dom/base/test/chrome/file_bug990812-2.xul
@@ -39,17 +39,17 @@ https://bugzilla.mozilla.org/show_bug.cg
       var global = promiseMessage("global", globalMM);
       var window = promiseMessage("window", messageManager);
       var group = promiseMessage("group", getGroupMessageManager("test"));
 
       var browser = document.querySelector("browser");
       browser.messageManager.loadFrameScript(FRAME_SCRIPT, true);
 
       Promise.all([global, window, group]).then(function () {
-        opener.setTimeout("next()");
+        opener.setTimeout(function() { this.next(); });
         self.close();
       });
     }
 
   ]]></script>
 
   <browser messagemanagergroup="test" type="content" src="about:mozilla" />
 
--- a/dom/base/test/chrome/file_bug990812-3.xul
+++ b/dom/base/test/chrome/file_bug990812-3.xul
@@ -50,17 +50,17 @@ https://bugzilla.mozilla.org/show_bug.cg
       mm2.loadFrameScript(FRAME_SCRIPT, true);
 
       getGroupMessageManager("test1").broadcastAsyncMessage("test", "group1");
       getGroupMessageManager("test2").broadcastAsyncMessage("test", "group2");
       messageManager.broadcastAsyncMessage("test", "window");
       globalMM.broadcastAsyncMessage("test", "global");
 
       Promise.all([promise1, promise2]).then(function () {
-        opener.setTimeout("next()");
+        opener.setTimeout(function() { this.next(); });
         window.close();
       });
     }
 
   ]]></script>
 
   <browser messagemanagergroup="test1" type="content" src="about:mozilla" />
   <browser messagemanagergroup="test2" type="content" src="about:mozilla" />
--- a/dom/base/test/chrome/file_bug990812-4.xul
+++ b/dom/base/test/chrome/file_bug990812-4.xul
@@ -45,17 +45,17 @@ https://bugzilla.mozilla.org/show_bug.cg
 
       var promise1 = promiseMessage("frame2", getGroupMessageManager("test1"));
       var promise2 = promiseMessage("frame1", getGroupMessageManager("test2"));
 
       browser1.swapFrameLoaders(browser2);
       messageManager.broadcastAsyncMessage("test");
 
       Promise.all([promise1, promise2]).then(function () {
-        opener.setTimeout("next()");
+        opener.setTimeout(function() { this.next(); });
         window.close();
       });
     }
 
   ]]></script>
 
   <browser messagemanagergroup="test1" type="content" src="about:mozilla" />
   <browser messagemanagergroup="test2" type="content" src="about:mozilla" />
--- a/dom/base/test/chrome/file_bug990812-5.xul
+++ b/dom/base/test/chrome/file_bug990812-5.xul
@@ -53,17 +53,17 @@ https://bugzilla.mozilla.org/show_bug.cg
       gmm2.loadFrameScript(FRAME_SCRIPT2, true);
 
       var promise1 = promiseTwoMessages("group1", gmm1);
       var promise2 = promiseTwoMessages("group2", gmm2);
 
       messageManager.broadcastAsyncMessage("test");
 
       Promise.all([promise1, promise2]).then(function () {
-        opener.setTimeout("next()");
+        opener.setTimeout(function() { this.next(); });
         window.close();
       });
     }
 
   ]]></script>
 
   <browser messagemanagergroup="test1" type="content" src="about:mozilla" />
   <browser messagemanagergroup="test1" type="content" src="about:mozilla" />
--- a/dom/messagechannel/tests/mm_messageChannelParent.js
+++ b/dom/messagechannel/tests/mm_messageChannelParent.js
@@ -13,17 +13,17 @@ function is(v1, v2, message) {
   return opener.wrappedJSObject.is(v1, v2, message);
 }
 
 function todo_is(v1, v2, message) {
   return opener.wrappedJSObject.todo_is(v1, v2, message);
 }
 
 function finish() {
-  opener.setTimeout("done()", 0);
+  opener.setTimeout(function() { this.done(); }, 0);
   window.close();
 }
 
 function debug(msg) {
   dump("[mmMessageChannelParent]" + msg + "\n");
 }
 
 let tests = [ basic_test,
--- a/js/xpconnect/tests/chrome/file_bug618176.xul
+++ b/js/xpconnect/tests/chrome/file_bug618176.xul
@@ -33,16 +33,16 @@ https://bugzilla.mozilla.org/show_bug.cg
       const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
       let triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
       setTimeout(function () {
         document.getElementById("browser").loadURI(TEST_PAGE, {triggeringPrincipal});
       }, 0);
     }
 
     function finish() {
-      opener.setTimeout("done()", 0);
+      opener.setTimeout(function() { this.done(); }, 0);
       window.close();
     }
 
   ]]></script>
 
   <browser id="browser" type="content" style="width: 200px; height: 200px;"/>
 </window>
--- a/layout/base/tests/chrome/test_bug1018265.xul
+++ b/layout/base/tests/chrome/test_bug1018265.xul
@@ -19,17 +19,17 @@ https://bugzilla.mozilla.org/show_bug.cg
   SimpleTest.waitForExplicitFinish();
 
   function run() {
     window.open("file_bug1018265.xul", "contentViewerTest", "chrome,width=100,height=100");
   }
 
   function done() {
     ok(true, "done");
-    setTimeout("SimpleTest.finish()", 0);
+    setTimeout(function() { SimpleTest.finish(); }, 0);
   }
   ]]>
   </script>
 
   <!-- test results are displayed in the html:body -->
   <body xmlns="http://www.w3.org/1999/xhtml">
   <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1018265"
      target="_blank">Mozilla Bug 1018265</a>
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2656,17 +2656,17 @@ pref("security.notification_enable_delay
 
 #if defined(DEBUG) && !defined(ANDROID)
 pref("csp.about_uris_without_csp", "blank,printpreview,srcdoc,about,addons,cache-entry,config,crashes,debugging,devtools,downloads,home,memory,networking,newtab,performance,plugins,policies,profiles,restartrequired,serviceworkers,sessionrestore,support,sync-log,telemetry,url-classifier,webrtc,welcomeback");
 // the following prefs are for testing purposes only.
 pref("csp.overrule_about_uris_without_csp_whitelist", false);
 pref("csp.skip_about_page_has_csp_assert", false);
 // assertion flag will be set to false after fixing Bug 1473549
 pref("security.allow_eval_with_system_principal", false);
-pref("security.uris_using_eval_with_system_principal", "autocomplete.xml,redux.js,react-redux.js,content-task.js,preferencesbindings.js,lodash.js,jszip.js,sinon-7.2.7.js,ajv-4.1.1.js,jsol.js,simpletest/simpletest.js");
+pref("security.uris_using_eval_with_system_principal", "autocomplete.xml,redux.js,react-redux.js,content-task.js,preferencesbindings.js,lodash.js,jszip.js,sinon-7.2.7.js,ajv-4.1.1.js,jsol.js");
 #endif
 
 #if defined(DEBUG) || defined(FUZZING)
 // Disallow web documents loaded with the SystemPrincipal
 pref("security.disallow_non_local_systemprincipal_in_tests", false);
 #endif
 
 // Mixed content blocking