Changeset 2388


Ignore:
Timestamp:
Sep 30, 2014, 2:25:18 PM (4 years ago)
Author:
matthijs
Message:

Always pass an anonymous function to setInterval

When passing a named function (which is essentially just a variable) to
a function, it could be possible for that variable to contain a string,
which setInterval will happily evaluate as javascript code. This leads
to hard to detect potential security issues.

Location:
desktop/foneradownloader/trunk/chrome/content
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • desktop/foneradownloader/trunk/chrome/content/browser.xul

    r2387 r2388  
    4242
    4343    // necesary hack, some callbacks wont work on statusbar
    44     window.setInterval(FoneraStatus.drawTooltip, 60*100);
     44    window.setInterval(function() {FoneraStatus.drawTooltip();}, 60*100);
    4545
    4646    // refresh policies:
  • desktop/foneradownloader/trunk/chrome/content/options.xul

    r2387 r2388  
    156156    window.addEventListener("load", FoneraAccountsPrefs.loadEvents, false);
    157157    window.addEventListener("unload", FoneraAccountsPrefs.unloadEvents, false);
    158     window.setInterval(FoneraAccountsPrefs.fillAccountsIntoTree, 5*60*100);
     158    window.setInterval(function() { FoneraAccountsPrefs.fillAccountsIntoTree(); }, 5*60*100);
    159159  </script>
    160160</prefwindow>
Note: See TracChangeset for help on using the changeset viewer.