commit 0b9ec9c4945a008a00f1892267f8bf64af5f66de
parent 49957c69c2940c2f15ce106eb94fe3004f88a2c6
Author: Tom Schuster <tschuster@mozilla.com>
Date: Wed, 29 Oct 2025 15:21:10 +0000
Bug 1995573 - Block privileged eval on Android in Nightly. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D270309
Diffstat:
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp
@@ -750,7 +750,7 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
MOZ_CRASH_UNSAFE_PRINTF("%s", crashString.get());
#endif
-#ifdef ANDROID
+#if defined(ANDROID) && !defined(NIGHTLY_BUILD)
return true;
#else
return false;
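Review bot: The `#if defined(ANDROID) && !defined(NIGHTLY_BUILD)` branch at the end of this hunk has no comment explaining why Android builds outside Nightly still return `true`, after what appears to be the disallowed-eval crash path above it. A reader auditing this function cannot tell from the code that this is a staged rollout rather than a permanent platform exception. I would add a comment above the `#if`, such as `// Privileged eval is blocked on Android in Nightly only for now (Bug 1995573); other Android channels still allow it.` The body of IsEvalAllowed starts before the hunk, so the exact conditions that reach this return are not visible here.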
diff --git a/dom/security/test/unit/test_privileged_eval_blocking.js b/dom/security/test/unit/test_privileged_eval_blocking.js
@@ -23,9 +23,13 @@ add_task(async function () {
Services.console.registerListener(listener);
});
- if (mozinfo.os == "android") {
- // eslint-disable-next-line no-eval
- Assert.equal(eval("42"), 42, "eval on Android is not disabled yet");
+ if (mozinfo.os == "android" && !mozinfo.nightly_build) {
+ Assert.equal(
+ // eslint-disable-next-line no-eval
+ eval("42"),
+ 42,
+ "eval on Android is not disabled yet outside of Nightly"
+ );
} else {
Assert.throws(
// eslint-disable-next-line no-eval
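Review bot: The Android non-Nightly branch asserts only that `eval("42")` returns 42, so it pins the allowed result but not that the attempt is still reported. A console listener is registered just above, yet nothing visible in this hunk checks it on this path. If the rest of the task does not already wait for the message, consider asserting here that the violation is still logged, so a silent allow on Beta or Release would fail the test. A short comment would also help, for example `// Blocking is Nightly-only on Android for now, see Bug 1995573.` The `add_task` callback starts before the hunk and continues past it.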