corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1958232 - Allow eval in browser.xhtml and other priviliged contexts with a special pref. r=tjr

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D244306
This commit is contained in:
Tom Schuster
2025-04-11 14:46:11 +00:00
parent 290f0399f2
commit a5e6ce2f4e
9 changed files with 71 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
dom/security/nsContentSecurityUtils.cpp
View File

@@ -646,6 +646,13 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
return true;
}
if (StaticPrefs::
security_allow_unsafe_dangerous_privileged_evil_eval_AtStartup()) {
MOZ_LOG(sCSMLog, LogLevel::Debug,
("Allowing eval() because security.allow_unsafe_dangerous_priviliged_evil_eval is enabled."));
return true;
}
if (aIsSystemPrincipal &&
StaticPrefs::security_allow_eval_with_system_principal()) {
MOZ_LOG(sCSMLog, LogLevel::Debug,