commit 27de6594db0ebec8ffee688b7eb025e188e71469
parent ec8a6a54a0472cb37ca23161ec9bf30ebc6e057f
Author: Tom Schuster <tschuster@mozilla.com>
Date: Fri, 24 Oct 2025 07:54:43 +0000
Bug 1994980 - Test privileged eval blocking in the xpc-shell r=simonf
Differential Revision: https://phabricator.services.mozilla.com/D269404
Diffstat:
2 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/dom/security/test/unit/test_privileged_eval_blocking.js b/dom/security/test/unit/test_privileged_eval_blocking.js
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Workaround for bug 1973683
+add_setup(() => {
+ Services.prefs.setBoolPref("extensions.webextensions.remote", true);
+ registerCleanupFunction(() => {
+ Services.prefs.clearUserPref("extensions.webextensions.remote");
+ });
+});
+
+add_task(async function () {
+ let errorObserved = new Promise(resolve => {
+ const listener = {
+ observe({ message }) {
+ if (message.includes("eval() and eval-like")) {
+ Services.console.unregisterListener(listener);
+ resolve();
+ }
+ },
+ };
+ Services.console.registerListener(listener);
+ });
+
+ if (mozinfo.os == "android") {
+ // eslint-disable-next-line no-eval
+ Assert.equal(eval("42"), 42, "eval on Android is not disabled yet");
+ } else {
+ Assert.throws(
+ // eslint-disable-next-line no-eval
+ () => eval("42"),
+ EvalError,
+ "eval() in privileged context should throw"
+ );
+ }
+
+ await errorObserved;
+});
diff --git a/dom/security/test/unit/xpcshell.toml b/dom/security/test/unit/xpcshell.toml
@@ -16,3 +16,6 @@ head = ""
["test_https_only_https_first_prefs.js"]
["test_isOriginPotentiallyTrustworthy.js"]
+
+["test_privileged_eval_blocking.js"]
+skip-if = ["debug"] # Using eval in debug builds triggers an assert.
