Skip to main content

Bug Tracker

Side navigation

#7371 closed bug (fixed)

Opened November 01, 2010 11:59PM UTC

Closed January 17, 2011 09:31PM UTC

Last modified August 16, 2012 02:13PM UTC

Delay Execution of Eval Test

Reported by: john Owned by: john
Priority: blocker Milestone: 1.5
Component: support Version: 1.4.4
Keywords: Cc:
Blocked by: Blocking:

So that we don't throw errors due to CSP we should delay the script execution test in support.js until later. This will cause a regression (as the property won't exist until the test is run) thus we should land this in a major release.

More details about CSP:

Attachments (0)
Change History (12)

Changed November 01, 2010 11:59PM UTC by john comment:1

owner: → john
status: newassigned

Changed November 01, 2010 11:59PM UTC by john comment:2

component: unfiledsupport
priority: undecidedhigh

Changed November 02, 2010 03:28PM UTC by bsterne comment:3

Even though this won't be released until 1.5 it would be great to have a patch as soon as possible as sites are starting to implement CSP and I'd love to be let them patch themselves pre-release.

Changed November 17, 2010 01:15AM UTC by Brandon Sterne <> comment:4

I posted a patch over here and created a pull request.

Changed November 19, 2010 09:12PM UTC by Brandon Sterne <> comment:5

I cancelled the previous pull request and created a new patch that leaves the bulk of the changes in support.js.

Changed November 21, 2010 10:10PM UTC by snover comment:6

3rd party pull request

Changed January 14, 2011 05:42PM UTC by john comment:7

priority: highblocker

Changed January 17, 2011 09:31PM UTC by Brandon Sterne comment:8

resolution: → fixed
status: assignedclosed

Defer scriptEval test until first use to prevent Content Security Policy inline-script violations from occuring. Fixes #7371.

Changeset: 220a0ce1628d376ec14394c9b0be3c10f92a4cdb

Changed February 07, 2011 10:54PM UTC by rwaldron comment:9

blocking: → 8200

Changed February 07, 2011 11:50PM UTC by jitter comment:10

keywords: → needsdocs

Changed February 12, 2011 02:03AM UTC by jitter comment:11

For those interested. Test case is here

Changed August 16, 2012 02:13PM UTC by dmethvin comment:12

keywords: needsdocs

Since the code now only runs this for IE 6-8 and those don't support CSP, it's safe to leave as-is.