SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-06
This Week
Monday, 06 August
- Under CSP, inline Eval() is disabled by default. To let users allow or disallow inline Eval() for each domain, I added an inline Eval() disabled/enabled option to the add-on UI under the "ALL" tabs.
- Extended the add-on's local database to support users' inline Eval choices.
Tuesday, 07 August
- Tested the inline Eval() feature added to the add-on UI with a website I created in a VM.
- I set up a VM running the "www.example.com" website. Its inlineEval.html page is as follows:
<html>
<body>
<a href="javascript:eval(alert('hi'));" >Click here </a>
</body>
</html>
When I clicked on the "Click here" button, it showed an alert prompt with the text 'hi'. After I disabled inline Eval for the website using our add-on, the prompt was disallowed, which is the expected result.