/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// We use the subjectPrincipal to assert that eval() is never
// executed in system privileged context.
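// Decides whether a string-to-code evaluation (eval(), or setTimeout /
// setInterval called with a string) may proceed, and reports a CSP violation
// when the policy asks for one.
//
// aCSP              policy to consult; may be null when no policy applies.
// aCSPEventListener listener handed to the violation report; may be null.
// aSubjectPrincipal principal of the caller, used for the system-principal
//                   eval gate.
// aExpression       the source text that is about to be evaluated.
// aCaller           script location of the call, used in the report.
// aAllowed          out-param; true only when evaluation is permitted.
//
// Returns NS_OK when a decision was reached (allowed or denied), or the
// failure code of the policy query. Main thread only.
nsresult CheckInternal(nsIContentSecurityPolicy* aCSP,
                       nsICSPEventListener* aCSPEventListener,
                       nsIPrincipal* aSubjectPrincipal,
                       const nsAString& aExpression,
                       const JSCallingLocation& aCaller, bool* aAllowed) {
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aAllowed);

  // Fail closed: every early exit below leaves the answer at "denied" unless
  // it explicitly says otherwise.
  *aAllowed = false;

  // This is the non-CSP check for gating eval() use in the SystemPrincipal.
  // It runs before any CSP lookup, so a missing or permissive policy cannot
  // re-enable eval() for privileged callers. Note that the gate is compiled
  // out on Android builds.
#if !defined(ANDROID)
  JSContext* cx = nsContentUtils::GetCurrentJSContext();
  if (!nsContentSecurityUtils::IsEvalAllowed(
          cx, aSubjectPrincipal->IsSystemPrincipal(), aExpression)) {
    *aAllowed = false;
    return NS_OK;
  }
#endif

  // NOTE(review): the listing this function was recovered from lost the lines
  // between the #endif and the reporting branch. The null-policy guard and
  // the policy query are restored here because the reporting branch reads
  // reportViolation and dereferences aCSP; confirm against the upstream file.

  // No policy means nothing restricts evaluation. Callers pass the result of
  // a GetCsp() lookup straight through, so aCSP must not be dereferenced
  // unchecked.
  if (!aCSP) {
    *aAllowed = true;
    return NS_OK;
  }

  bool reportViolation = false;
  nsresult rv = aCSP->GetAllowsEval(&reportViolation, aAllowed);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    // A failed policy query is treated as a denial, never as an allow.
    *aAllowed = false;
    return rv;
  }

  if (reportViolation) {
    aCSP->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
                              nullptr,  // triggering element
                              aCSPEventListener, aCaller.FileName(),
                              aExpression, aCaller.mLine, aCaller.mColumn,
                              u""_ns, u""_ns);
  }

  return NS_OK;
}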
class WorkerCSPCheckRunnable final : public WorkerMainThreadRunnable { public:
WorkerCSPCheckRunnable(WorkerPrivate* aWorkerPrivate, const nsAString& aExpression, # "sCOMPtr. namespace mozilla;
: WorkerMainThreadRunnableaWorkerPrivate, CSPEval Check_s),
mExpression(aExpression),
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 0
mEvalAllowed(false) {}
const nsAString& aExpression#if!definedANDROID
) aExpression)
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
MOZ_ASSERT);
MOZ_ASSERTaAllowEval
// The value is set at any "return", but better to have a default value here.
=;
// if CSP is enabled, and setTimeout/setInterval was called with a string, } // disable the registration and log an error
nsCOMPtr<Document> doc = aWindow->GetExtantDocaCSP-LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL, if (!doc) { // if there's no document, we don't have to do anything.
*aAllowEval = true; returnNS_OK;
}
nsresult rv = NS_OK;
auto location = JSCallingLocation:GetaCx;
nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp();
rv = CheckInternal(csp, nullptr /* no CSPEventListener for window */,
>(, aExpression,location aAllowEval; if (NS_WARN_IF(NS_FAILED(rv))) {
*aAllowEval = false; return rv;
}
const nsAString& aExpression, bool* aAllowEval) {
(aWorkerPrivate)java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
aWorkerPrivate->AssertIsOnWorkerThread();
mExpressionaExpression,
// The value is set at any "return", but better to have a default value here.
*aAllowEval = false;
RefPtr<WorkerCSPCheckRunnable> r = new WorkerCSPCheckRunnable(
mCallerstd::move(aCaller,
ErrorResult error
r-boolMainThreadRun() override { if (NS_WARN_IF(error.Failed())) {
*aAllowEval = false; return error.StealNSResult();
mResult=CheckInternalworkerPrivate->GetCsp(),