Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using eval and the Function constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
Severity for automated signing: high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the Function constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling Object.getPrototypeOf on an existing function object.
content/addBookmarksOverlay.js (lines 120-122):
//dump("NewFunct: "+newFunct+"\n");
eval("expandTree = " + newFunct);
//dump("ExpandTree: "+expandTree.toString()+"\n");