Last Update: 2015-08-23 13:33 Created at: 2015-08-23 13:28
Access to the `eval` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using eval and the Function constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

Severity for automated signing: high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the Function constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling Object.getPrototypeOf on an existing function object.

content/addBookmarksOverlay.js

120     //dump("NewFunct: "+newFunct+"\n");
121     eval("expandTree = " + newFunct);
122     //dump("ExpandTree: "+expandTree.toString()+"\n");
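
An eval-free way to get the effect of the flagged line, as an added example that is not code from this ticket or from the add-on. It assumes `newFunct` is a modified copy of the `expandTree` source, which the ticket does not show; `tree`, `wrapMethod`, `unwrapMethod` and the hooks are hypothetical names.

```javascript
"use strict";

// Constructed stand-in for the function being patched; the real
// expandTree and the way newFunct is built are not shown in the ticket.
const tree = {
  expanded: [],
  expandTree(node) {
    this.expanded.push(node);
    return node + "/children";
  },
};

// Hypothetical helper: swap obj[name] for a wrapper that runs extra logic
// around the original. No source string is rebuilt and nothing is eval'd.
function wrapMethod(obj, name, hooks) {
  const original = obj[name];
  if (typeof original !== "function") {
    throw new TypeError(name + " is not a function");
  }
  // Function.prototype reached without naming the Function constructor,
  // so the wrapper still works if `original.apply` has been shadowed.
  const fnProto = Object.getPrototypeOf(function () {});
  const wrapped = function (...args) {
    if (hooks.before) hooks.before.apply(this, args);
    const result = fnProto.apply.call(original, this, args);
    return hooks.after ? hooks.after.call(this, result) : result;
  };
  wrapped.original = original; // kept so the patch can be undone
  obj[name] = wrapped;
}

function unwrapMethod(obj, name) {
  if (obj[name] && obj[name].original) obj[name] = obj[name].original;
}

function demo() {
  const calls = [];
  wrapMethod(tree, "expandTree", {
    before(node) { calls.push("before:" + node); },
    after(result) { return result + "#patched"; },
  });
  const patched = tree.expandTree("folder1");
  unwrapMethod(tree, "expandTree");
  const restored = tree.expandTree("folder2");
  return { calls, patched, restored, expanded: tree.expanded.slice() };
}

console.log(demo());
```

Wrapping only covers changes that can run before or after the original; a change to the middle of the function body needs the function reimplemented in the overlay instead.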

2015-08-23
13:33 The body has been updated (shitamo)
13:28 Create New Ticket(#50521): Access to the `eval` global (shitamo)