View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003824 | Taler | wallet (WebExtension) | public | 2015-06-04 22:19 | 2019-12-26 21:37 |
| Reporter | Christian Grothoff | Assigned To | tg | | |
| Priority | high | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | won't fix | | |
| Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
| Product Version | 0.0 | | | | |
| Target Version | 0.0 | Fixed in Version | 0.0 | | |
| Summary | 0003824: wallet should support upgrade mechanism | | | | |
| Description | https://developer.mozilla.org/en/docs/Extension_Versioning,_Update_and_Compatibility https://developer.mozilla.org/en-US/Add-ons/Install_Manifests#updateURL (naturally, our download website should also offer the necessary support) | | | | |
| Tags | No tags attached. | | | | |

Note that we *currently* don't have an SSL cert for HTTPS for taler.net, and the same goes for distribution via the GNU ftp/http mirrors. However, the McCoy approach seems technically awkward (there were remarks about it not working on GNU/Linux -- makes me wonder what it does work on...) and not terribly suitable for 'teams'. However, I guess FF is also unlikely to accept self-signed here. So maybe we should *defer* this one until EFF's CA is online and we can get a free cert.

We now have a Let's encrypt signed SSL certificate for taler.net. This means we finally *can* support plugin updates, so we should implement that.

Submitting to addons.mozilla.org (AMO) would be the best, then the addon shows up in the search results on both the website and in the browser when searching for extensions. See also https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Agreement#4._Distribution.2C_Review_Criteria_.26_Process

AMO has an automated extension validation tool, which reported the following issues: https://addons.mozilla.org/en-US/developers/upload/6934e72ddad14c4ead1f677d28a10b8b

Mozilla is going to start enforcing extension signing soon: https://wiki.mozilla.org/Addons/Extension_Signing (see Timeline). This means we would have to submit it to AMO and pass the review process in order for users to be able to install it in Release and Beta versions of Firefox. More on the review process: https://blog.mozilla.org/addons/2011/02/04/overview-amo-review-process/

The link to the issues does not work without a login...

General Tests ============= 1 error, 0 warnings, 0 notices Validation has timed out Error: Validation was unable to complete in the allotted time. This is most likely due to the size or complexity of your add-on. This timeout has been logged, but please consider filing an issue report here: http://mzl.la/1DG0sFd Security Tests ============== 0 errors, 1 warning, 0 notices Long inline script Warning: Please store complex scripts in .js files rather than inline script nodes. content/withdraw.xul 75 76 77 </script> </dialog> Extension Tests =============== 0 errors, 88 warnings, 4 notices Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 202 203 204 let val1_64 = ctypes.UInt64(val1); let val2_64 = ctypes.UInt64(val2); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 203 204 205 let val1_64 = ctypes.UInt64(val1); let val2_64 = ctypes.UInt64(val2); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 205 206 207 let sum = TWRALLamountAdd(ctypes.UInt64.lo(val1_64), ctypes.UInt64.hi(val1_64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. 
The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 206 207 208 let sum = TWRALLamountAdd(ctypes.UInt64.lo(val1_64), ctypes.UInt64.hi(val1_64), ctypes.UInt64.lo(val2_64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 207 208 209 ctypes.UInt64.hi(val1_64), ctypes.UInt64.lo(val2_64), ctypes.UInt64.hi(val2_64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 208 209 210 ctypes.UInt64.lo(val2_64), ctypes.UInt64.hi(val2_64), frac1, Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 227 228 229 let value64 = ctypes.UInt64(value); let amountPtr = TWRALLgetAmount(ctypes.UInt64.lo(value64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. 
content/lib/util.jsm 228 229 230 let value64 = ctypes.UInt64(value); let amountPtr = TWRALLgetAmount(ctypes.UInt64.lo(value64), ctypes.UInt64.hi(value64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/util.jsm 229 230 231 let amountPtr = TWRALLgetAmount(ctypes.UInt64.lo(value64), ctypes.UInt64.hi(value64), fraction, Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/test_api.jsm 497 498 499 let ll = ctypes.UInt64(666); let Hi = ctypes.UInt64.hi(ll); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/test_api.jsm 498 499 500 let ll = ctypes.UInt64(666); let Hi = ctypes.UInt64.hi(ll); let Lo = ctypes.UInt64.lo(ll); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. 
content/lib/test_api.jsm 499 500 501 let Hi = ctypes.UInt64.hi(ll); let Lo = ctypes.UInt64.lo(ll); showOutput("dHi, dLo : " + Hi + ", " + Lo); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 235 236 237 // 4.a.2.a translates to 64-bit the involved quantities let value64 = ctypes.UInt64(aValue); let fee64sum = ctypes.UInt64(feeAmnt); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 236 237 238 let value64 = ctypes.UInt64(aValue); let fee64sum = ctypes.UInt64(feeAmnt); let amountPlusFee = TWRALLamountAdd(ctypes.UInt64.lo(value64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 237 238 239 let fee64sum = ctypes.UInt64(feeAmnt); let amountPlusFee = TWRALLamountAdd(ctypes.UInt64.lo(value64), ctypes.UInt64.hi(value64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. 
content/lib/reserves.jsm 238 239 240 let amountPlusFee = TWRALLamountAdd(ctypes.UInt64.lo(value64), ctypes.UInt64.hi(value64), ctypes.UInt64.lo(fee64sum), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 239 240 241 ctypes.UInt64.hi(value64), ctypes.UInt64.lo(fee64sum), ctypes.UInt64.hi(fee64sum), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 240 241 242 ctypes.UInt64.lo(fee64sum), ctypes.UInt64.hi(fee64sum), aFrac, Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 246 247 248 // 4.a.3 get a 'fee amount struct' let fee64 = ctypes.UInt64(feeAmnt); let feeAmntStruct = TWRALLgetAmount(ctypes.UInt64.lo(fee64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. 
content/lib/reserves.jsm 247 248 249 let fee64 = ctypes.UInt64(feeAmnt); let feeAmntStruct = TWRALLgetAmount(ctypes.UInt64.lo(fee64), ctypes.UInt64.hi(fee64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 248 249 250 let feeAmntStruct = TWRALLgetAmount(ctypes.UInt64.lo(fee64), ctypes.UInt64.hi(fee64), feeFrac, aCurrency); Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 605 606 607 let desiredAmnt64 = ctypes.UInt64(amount[1]); let desiredAmnt = Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 607 608 609 let desiredAmnt = TWRALLgetAmount(ctypes.UInt64.lo(desiredAmnt64), ctypes.UInt64.hi(desiredAmnt64), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. 
content/lib/reserves.jsm 608 609 610 TWRALLgetAmount(ctypes.UInt64.lo(desiredAmnt64), ctypes.UInt64.hi(desiredAmnt64), amount_fraction, Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 711 712 713 let availCur = balance.currency; let availVal = ctypes.UInt64(balance.value); let availFrac = balance.fraction; Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 713 714 715 let availFrac = balance.fraction; let avail = TWRALLgetAmount(ctypes.UInt64.lo(availVal), ctypes.UInt64.hi(availVal), Access to the `ctypes` global Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer. content/lib/reserves.jsm 714 715 716 let avail = TWRALLgetAmount(ctypes.UInt64.lo(availVal), ctypes.UInt64.hi(availVal), availFrac, Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. 
content/lib/libWrapper.jsm 164 165 166 function globalEval(x) { eval.call(null, x); } Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. content/lib/libWrapper.jsm 368 369 370 try { func = eval('_' + ident); // explicit lookup } catch(e) {} Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. content/lib/libWrapper.jsm 500 501 502 funcstr += 'return ret})'; return eval(funcstr); }; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. content/lib/libWrapper.jsm 5120 5121 5122 Browser.mainLoop.scheduler = function Browser_mainLoop_scheduler() { setTimeout(Browser.mainLoop.runner, value); // doing this each time means that on exception, we stop }; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. 
content/lib/libWrapper.jsm 5159 5160 5161 Browser.mainLoop.updateStatus(); setTimeout(Browser.mainLoop.runner, 0); return; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. content/lib/libWrapper.jsm 5553 5554 5555 var delay = Math.max(Browser.nextRAF - now, 0); setTimeout(func, delay); },requestAnimationFrame:function requestAnimationFrame(func) { Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. content/lib/test.jsm 176 177 178 function globalEval(x) { eval.call(null, x); } Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. content/lib/test.jsm 420 421 422 try { func = eval('_' + ident); // explicit lookup } Access to the `eval` global Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information. 
content/lib/test.jsm 571 572 573 funcstr += 'return ret})'; return eval(funcstr); }; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. content/lib/test.jsm 7550 7551 7552 Browser.mainLoop.scheduler = function Browser_mainLoop_scheduler() { setTimeout(Browser.mainLoop.runner, value); // doing this each time means that on exception, we stop }; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. content/lib/test.jsm 7593 7594 7595 Browser.mainLoop.updateStatus(); setTimeout(Browser.mainLoop.runner, 0); return; `setTimeout` called in potentially dangerous manner Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument. content/lib/test.jsm 8053 8054 8055 var delay = Math.max(Browser.nextRAF - now, 0); setTimeout(func, delay); }, on* attribute being set using setAttribute Warning: To prevent vulnerabilities, event handlers (like 'onclick' and 'onhover') should always be defined using addEventListener. content/lib/prettyPrint.jsm 92 93 94 // instruct the button to kill output's lines and itself clrButton.setAttribute('onclick', 'var thisDiv = document.getElementById("taler-output"); thisDiv.parentNode.removeChild(thisDiv);'); Markup should not be passed to `innerHTML` dynamically. Warning: Due to both security and performance concerns, innerHTML may not be set using dynamic values which have not been adequately sanitized. This can lead to security issues or fairly serious performance degradation. 
content/lib/prettyPrint.jsm 136 137 138 // inject the output in the line verbatim.innerHTML = output; `import` called in potentially dangerous manner Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated. content/lib/pay.jsm 42 43 44 Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm"); Access to the `executeStep` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/pay.jsm 192 193 194 depFeeStmt.params.thisDenom = choice[i].denom_pub; if (!depFeeStmt.executeStep()){ showOutput("Deposit fee not found for denom" Access to the `executeStep` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/pay.jsm 206 207 208 /* Extra check */ if (!coinStmt.executeStep()){ /* Todo */ Access to the `executeStep` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. 
content/lib/pay.jsm 223 224 225 pendingStmt.params.transactionId = contractObj.contract.transaction_id; pendingStmt.executeStep(); pendingStmt.reset(); Access to the `executeStep` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/pay.jsm 452 453 454 while(countStmt.executeStep()){ `import` called in potentially dangerous manner Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated. content/lib/keys.jsm 30 31 32 Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm"); Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 253 254 255 /* check if 'mint_table' is defined and, if not, define it. */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS mint_table" + " (mint_base_url TEXT PRIMARY KEY" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. 
content/lib/keys.jsm 258 259 260 /* create denom_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS denom_table" + " (mint TEXT, stamp_start TEXT" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 270 271 272 /* denom_amount_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS denom_amount_table" + " (mint TEXT, denom TEXT, value INTEGER, fraction INTEGER" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 277 278 279 /* fee_withdraw_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS fee_withdraw_table" + " (mint TEXT, denom TEXT, value INTEGER, fraction INTEGER" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 284 285 286 /* fee_deposit_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS fee_deposit_table" + " (mint TEXT, denom TEXT, value INTEGER, fraction INTEGER" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. 
Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 291 292 293 /* fee_refresh_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS fee_refresh_table" + " (mint TEXT, denom TEXT, value INTEGER, fraction INTEGER" Synchronous SQL should not be used Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 298 299 300 /* create signkeys_table */ dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS signkeys_table" + " (mint TEXT, key TEXT, stamp_start TEXT" Access to the `execute` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 323 324 325 mintstmt.params.lastDenomUpdate = keys.list_issue_date; mintstmt.execute(); Access to the `execute` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB. content/lib/keys.jsm 356 357 358 denomStmt.params.stampExpireLegal = keys.denoms[i].stamp_expire_legal; denomStmt.execute(); Access to the `execute` global Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. 
Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/keys.jsm 364 365 366
    denomAmntStmt.params.currencyCol = keys.denoms[i].value.currency; denomAmntStmt.execute();

Access to the `execute` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/keys.jsm 372 373 374
    feeWithdrawStmt.params.currencyCol = keys.denoms[i].fee_withdraw.currency; feeWithdrawStmt.execute();

Access to the `execute` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/keys.jsm 380 381 382
    feeRefreshStmt.params.currencyCol = keys.denoms[i].fee_refresh.currency; feeRefreshStmt.execute();

Access to the `execute` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/keys.jsm 388 389 390
    feeDepositStmt.params.currencyCol = keys.denoms[i].fee_deposit.currency; feeDepositStmt.execute(); }

Access to the `execute` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/keys.jsm 401 402 403
    signKeysStmt.params.stampEndCol = keys.signkeys[i].stamp_end; signKeysStmt.execute();

`loadAndRegisterSheet` called in potentially dangerous manner
Warning: Authors of bootstrapped add-ons must take care to unregister registered stylesheets at shutdown.
content/lib/chromeTransform.jsm 228 229 230
    if (action == "load") styleSheetService.loadAndRegisterSheet(styleSheetURI, styleSheetService.AUTHOR_SHEET); else

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/util.jsm 25 26 27
    Components.utils.import("chrome://taler-button/content/lib/emscripIface.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/util.jsm 88 89 90
    getCurrencyStmt.params.mint = mintUrl; if (!getCurrencyStmt.executeStep()) return null;

Variable element type being created
Warning: createElement or createElementNS were used with a variable rather than a raw string. Literal values should be used when taking advantage of the element creation functions. E.g.: createElement('foo') rather than createElement(el_type)
content/lib/xul.jsm 82 83 84
    else { var node = doc.createElementNS(XUL_NS, this.tagName); }

Variable element type being created
Warning: createElement or createElementNS were used with a variable rather than a raw string. Literal values should be used when taking advantage of the element creation functions. E.g.: createElement('foo') rather than createElement(el_type)
content/lib/xul.jsm 79 80 81
    /** CUSTOM: <html:...> is from standard namespace **/ var node = doc.createElementNS(STD_NS, this.tagName); }

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/test_api.jsm 28 29 30
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/reserves.jsm 43 44 45
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 101 102 103
    if (!blindStmt.executeStep()) showOutput("no blinding key found, " + mint + amount + curr,

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 140 141 142
    resStmt.executeStep(); let privEnc = resStmt.row.reserve_priv;

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 224 225 226
    feeStmt.params.dnmTxt = denomTxt; feeStmt.executeStep(); let feeAmnt = feeStmt.row.value;

Synchronous SQL should not be used
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 317 318 319
    try{ dbHandle.executeSimpleSQL("CREATE TABLE IF NOT EXISTS coins" + " (mint_base_url TEXT"

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 638 639 640
    stmt.params.resPriv = resPriv; stmt.executeStep(); stmt.finalize();

Synchronous SQL should not be used
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 655 656 657
    // check if 'reserve_table' is defined and, if not, define it. dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS reserve_table" + " (reserve_priv TEXT"

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 957 958 959
    /* only one result: the denom is a primary key */ if (!denomAmntStmt.executeStep()) showOutput("incomplete denom (no amount) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 959 960 961
    showOutput("incomplete denom (no amount) in DB", true); if (!denomWitFeeStmt.executeStep()) showOutput("incomplete denom (no withdraw fee) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 961 962 963
    showOutput("incomplete denom (no withdraw fee) in DB", true); if (!denomDepFeeStmt.executeStep()) showOutput("incomplete denom (no deposit fee) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 963 964 965
    showOutput("incomplete denom (no deposit fee) in DB", true); if (!denomRefFeeStmt.executeStep()) showOutput("incomplete denom (no refresh fee) in DB", true);

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/libWrapper.jsm 5652 5653 5654
    return delta; },mouseX:0,mouseY:0,mouseMovementX:0,mouseMovementY:0,touches:{},lastTouches:{},calculateMouseEvent:function (event) { // event should be mo ... if (Browser.pointerLock) {

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/libWrapper.jsm 5657 5658 5659
    // Workaround for Firefox bug 764498 if (event.type != 'mousemove' && ('mozMovementX' in event)) {

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 124 125 126
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 4129 4130 4131
    var xhr = new XMLHttpRequest(); xhr.open('HEAD', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 4146 4147 4148
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); if (datalength !== chunkSize) xhr.setRequestHeader("Range", "bytes=" + from + "-" + to);

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/test.jsm 8176 8177 8178
    lastTouches: {}, calculateMouseEvent: function(event) { // event should be mousemove, mousedown or mouseup if (Browser.pointerLock) {

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/test.jsm 8181 8182 8183
    // Workaround for Firefox bug 764498 if (event.type != 'mousemove' && ('mozMovementX' in event)) {

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/test.jsm 133 134 135
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/test.jsm 5028 5029 5030
    var xhr = new XMLHttpRequest(); xhr.open('HEAD', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/test.jsm 5045 5046 5047
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); if (datalength !== chunkSize) xhr.setRequestHeader("Range", "bytes=" + from + "-" + to);

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 266 267 268
    htmlDoc.body.addEventListener("taler-wire-probe", Taler.Wallet.Util.gettingWalletProbe,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 271 272 273
    htmlDoc.body.addEventListener("taler-checkout-probe", Taler.Wallet.Util.gettingWalletProbe,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 275 276 277
    true); htmlDoc.body.addEventListener("taler-contract", handleContract,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 279 280 281
    true); htmlDoc.body.addEventListener("taler-create-reserve", function(evt){

Localization Tests
These tests were not run.

Compatibility Tests
These tests were not run.

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/libWrapper.jsm 2236 2237 2238
    var ret = null; if (typeof window === 'object') ret = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; assert(ret, 'IDBFS used, but indexedDB not supported');

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/libWrapper.jsm 4290 4291 4292
    },indexedDB:function () { return window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; },DB_NAME:function () {

window.mozRequestionAnimationFrame has been unprefixed
Warning: mozRequestAnimationFrame is no longer supported in prefixed form, please use requestAnimationFrame instead. See https://developer.mozilla.org/docs/Web/API/window/requestAnimationFrame for more information.

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/test.jsm 2764 2765 2766
    var ret = null; if (typeof window === 'object') ret = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; assert(ret, 'IDBFS used, but indexedDB not supported');

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/test.jsm 5204 5205 5206
    indexedDB: function() { return window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; },

window.mozRequestionAnimationFrame has been unprefixed
Warning: mozRequestAnimationFrame is no longer supported in prefixed form, please use requestAnimationFrame instead. See https://developer.mozilla.org/docs/Web/API/window/requestAnimationFrame for more information. |
|
|
General Tests
=============
0 errors, 0 warnings, 0 notices
All tests passed successfully.

Security Tests
==============
0 errors, 0 warnings, 0 notices
All tests passed successfully.

Extension Tests
===============
0 errors, 63 warnings, 4 notices

[...]

Access to the `ctypes` global (repeated many times)
Warning: Insufficiently meticulous use of ctypes can lead to serious, and often exploitable, errors. The use of bundled binary code, or access to system libraries, may allow for add-ons to perform unsafe operations. All ctypes use must be carefully reviewed by a qualified reviewer.
content/lib/reserves.jsm 755 756 757
    let avail = TWRALLgetAmount(ctypes.UInt64.lo(availVal), ctypes.UInt64.hi(availVal), availFrac,

Access to the `eval` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
content/lib/libWrapper.jsm 164 165 166
    function globalEval(x) { eval.call(null, x); }

Access to the `eval` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
content/lib/libWrapper.jsm 367 368 369
    try { func = eval('_' + ident); // explicit lookup } catch(e) {}

Access to the `eval` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible. Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
content/lib/libWrapper.jsm 499 500 501
    funcstr += 'return ret})'; return eval(funcstr); };

`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
content/lib/libWrapper.jsm 6362 6363 6364
    Browser.mainLoop.scheduler = function Browser_mainLoop_scheduler() { setTimeout(Browser.mainLoop.runner, value); // doing this each time means that on exception, we stop };

`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
content/lib/libWrapper.jsm 6401 6402 6403
    Browser.mainLoop.updateStatus(); setTimeout(Browser.mainLoop.runner, 0); return;

`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
content/lib/libWrapper.jsm 6795 6796 6797
    var delay = Math.max(Browser.nextRAF - now, 0); setTimeout(func, delay); },requestAnimationFrame:function requestAnimationFrame(func) {

Markup should not be passed to `innerHTML` dynamically.
Warning: Due to both security and performance concerns, innerHTML may not be set using dynamic values which have not been adequately sanitized. This can lead to security issues or fairly serious performance degradation.
content/lib/prettyPrint.jsm 123 124 125
    /* inject the output in the line */ verbatim.innerHTML = output; /* put the created line at the bottom of the pastebin DIV */

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/pay.jsm 45 46 47
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/pay.jsm 198 199 200
    depFeeStmt.params.thisDenom = choice[i].denom_pub; if (!depFeeStmt.executeStep()){ showOutput("Deposit fee not found for denom"

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/pay.jsm 212 213 214
    /* Extra check */ if (!coinStmt.executeStep()){ /* Todo */

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/pay.jsm 229 230 231
    pendingStmt.params.transactionId = contractObj.contract.transaction_id; pendingStmt.executeStep(); pendingStmt.reset();

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/pay.jsm 484 485 486
    while(countStmt.executeStep()){

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/keys.jsm 30 31 32
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

`loadAndRegisterSheet` called in potentially dangerous manner
Warning: Authors of bootstrapped add-ons must take care to unregister registered stylesheets at shutdown.
content/lib/chromeTransform.jsm 223 224 225
    if (action == "load") styleSheetService.loadAndRegisterSheet(styleSheetURI, styleSheetService.AUTHOR_SHEET); else

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/util.jsm 25 26 27
    Components.utils.import("chrome://taler-button/content/lib/emscripIface.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/util.jsm 113 114 115
    getCurrencyStmt.params.mint = mintUrl; if (!getCurrencyStmt.executeStep()) return null;

Variable element type being created
Warning: createElement or createElementNS were used with a variable rather than a raw string. Literal values should be used when taking advantage of the element creation functions. E.g.: createElement('foo') rather than createElement(el_type)
content/lib/xul.jsm 83 84 85
    else { var node = doc.createElementNS(XUL_NS, this.tagName); }

Variable element type being created
Warning: createElement or createElementNS were used with a variable rather than a raw string. Literal values should be used when taking advantage of the element creation functions. E.g.: createElement('foo') rather than createElement(el_type)
content/lib/xul.jsm 80 81 82
    /** CUSTOM: <html:...> is from standard namespace **/ var node = doc.createElementNS(STD_NS, this.tagName); }

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/test_api.jsm 30 31 32
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

`import` called in potentially dangerous manner
Warning: The global `import` function was called using a set of dangerous parameters. Calls of this nature are deprecated.
content/lib/reserves.jsm 47 48 49
    Components.utils.import("resource://gre/modules/FileUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm");

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 110 111 112
    blindStmt.params.fraction = fraction; if (!blindStmt.executeStep()) showOutput("no blinding key found, " + mint + amount + currency,

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 148 149 150
    resStmt.params.mint = mint; resStmt.executeStep(); let privEnc = resStmt.row.reserve_priv;

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 221 222 223
    feeStmt.params.dnmTxt = denomTxt; feeStmt.executeStep(); let feeAmnt = feeStmt.row.value;

Synchronous SQL should not be used
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 293 294 295
    try{ dbHandle.executeSimpleSQL("CREATE TABLE IF NOT EXISTS coins" + " (mint_base_url TEXT"

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 652 653 654
    stmt.params.reservePriv = reservePriv; stmt.executeStep(); stmt.finalize();

Synchronous SQL should not be used
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 682 683 684
    // check if 'reserve_table' is defined and, if not, define it. dbConn.executeSimpleSQL("CREATE TABLE IF NOT EXISTS reserve_table" + " (reserve_priv TEXT"

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 1072 1073 1074
    /* only one result: the denom is a primary key */ if (!denomMetaStmt.executeStep()) showOutput("incomplete denom (no expire deposit date) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 1076 1077 1078
    tDebug("denomMeta " + denomMetaStmt.row.stamp_expire_deposit, true); if (!denomAmntStmt.executeStep()) showOutput("incomplete denom (no amount) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 1078 1079 1080
    showOutput("incomplete denom (no amount) in DB", true); if (!denomWitFeeStmt.executeStep()) showOutput("incomplete denom (no withdraw fee) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 1080 1081 1082
    showOutput("incomplete denom (no withdraw fee) in DB", true); if (!denomDepFeeStmt.executeStep()) showOutput("incomplete denom (no deposit fee) in DB", true);

Access to the `executeStep` global
Warning: The use of synchronous SQL via the storage system leads to severe responsiveness issues, and should be avoided at all costs. Please use asynchronous SQL via Sqlite.jsm (http://mzl.la/sqlite-jsm) or the `executeAsync` method, or otherwise switch to a simpler database such as JSON files or IndexedDB.
content/lib/reserves.jsm 1082 1083 1084
    showOutput("incomplete denom (no deposit fee) in DB", true); if (!denomRefFeeStmt.executeStep()) showOutput("incomplete denom (no refresh fee) in DB", true);

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/libWrapper.jsm 6894 6895 6896
    return delta; },mouseX:0,mouseY:0,mouseMovementX:0,mouseMovementY:0,touches:{},lastTouches:{},calculateMouseEvent:function (event) { // event should be mo ... if (Browser.pointerLock) {

Mouse events may cause performance issues.
Warning: The use of `mousemove`, `mouseover`, and `mouseout` is discouraged. These events are dispatched with high frequency and can cause severe performance issues.
content/lib/libWrapper.jsm 6899 6900 6901
    // Workaround for Firefox bug 764498 if (event.type != 'mousemove' && ('mozMovementX' in event)) {

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 124 125 126
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 4096 4097 4098
    var xhr = new XMLHttpRequest(); xhr.open('HEAD', url, false); xhr.send(null);

`open` called in potentially dangerous manner
Warning: Synchronous HTTP requests can cause serious UI performance problems, especially to users with slow network connections.
content/lib/libWrapper.jsm 4113 4114 4115
    var xhr = new XMLHttpRequest(); xhr.open('GET', url, false); if (datalength !== chunkSize) xhr.setRequestHeader("Range", "bytes=" + from + "-" + to);

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 269 270 271
    htmlDoc.addEventListener("taler-wire-probe", Taler.Wallet.Util.gettingWalletProbe,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 274 275 276
    htmlDoc.addEventListener("taler-checkout-probe", Taler.Wallet.Util.gettingWalletProbe,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 278 279 280
    true); htmlDoc.body.addEventListener("taler-contract", handleContract,

`addEventListener` called with truthy fourth argument.
Warning: When called with a truthy forth argument, listeners can be triggered potentially unsafely by untrusted code. This requires careful review.
content/taler.jsm 282 283 284
    true); htmlDoc.body.addEventListener("taler-create-reserve", function(evt){

Localization Tests
==================
0 errors, 0 warnings, 0 notices
All tests passed successfully.

Compatibility Tests
===================
0 errors, 3 warnings, 0 notices

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/libWrapper.jsm 2233 2234 2235
    var ret = null; if (typeof window === 'object') ret = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; assert(ret, 'IDBFS used, but indexedDB not supported');

mozIndexedDB has been removed.
Warning: mozIndexedDB has been removed. You should use indexedDB instead. See https://bugzil.la/975699 for more information.
content/lib/libWrapper.jsm 4257 4258 4259
    },indexedDB:function () { return window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; },DB_NAME:function () {

window.mozRequestionAnimationFrame has been unprefixed
Warning: mozRequestAnimationFrame is no longer supported in prefixed form, please use requestAnimationFrame instead. See https://developer.mozilla.org/docs/Web/API/window/requestAnimationFrame for more information. |
|
|
Your add-on has been submitted to the Preliminary Review queue. You'll receive an email once it has been reviewed by an editor. In the meantime, you and your friends can install it directly from its details page: https://addons.mozilla.org/en-US/firefox/addon/gnu-taler/ |
|
|
Closing for now, as we're focusing on the WebEx wallet. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-06-04 22:19 | Christian Grothoff | New Issue | |
| 2015-06-04 22:19 | Christian Grothoff | Status | new => assigned |
| 2015-06-04 22:19 | Christian Grothoff | Assigned To | => Marcello Stanisci |
| 2015-06-04 22:23 | Christian Grothoff | Note Added: 0009230 | |
| 2015-06-21 10:53 | Christian Grothoff | Product Version | => 0.0 |
| 2015-06-21 10:53 | Christian Grothoff | Target Version | => 0.1 |
| 2015-10-30 22:44 | Christian Grothoff | Note Added: 0009868 | |
| 2015-10-30 22:44 | Christian Grothoff | Priority | low => high |
| 2015-10-30 22:44 | Christian Grothoff | Target Version | 0.1 => 0.0 |
| 2015-11-17 14:16 | Christian Grothoff | Assigned To | Marcello Stanisci => tg |
| 2015-11-24 00:50 | tg | Note Added: 0009942 | |
| 2015-11-24 01:16 | tg | Note Added: 0009943 | |
| 2015-11-24 07:06 | Christian Grothoff | Note Added: 0009944 | |
| 2015-11-24 08:23 | tg | Note Added: 0009946 | |
| 2015-12-18 18:06 | tg | Note Added: 0010021 | |
| 2015-12-18 18:34 | tg | Note Added: 0010022 | |
| 2016-01-21 15:46 | Christian Grothoff | Target Version | 0.0 => 0.1 |
| 2016-01-22 23:32 | Christian Grothoff | Note Added: 0010084 | |
| 2016-01-22 23:32 | Christian Grothoff | Status | assigned => closed |
| 2016-01-22 23:32 | Christian Grothoff | Resolution | open => won't fix |
| 2016-01-22 23:32 | Christian Grothoff | Fixed in Version | => 0.0 |
| 2016-01-22 23:32 | Christian Grothoff | Target Version | 0.1 => 0.0 |
| 2019-12-26 21:37 | Florian Dold | Category | wallet (browser-based) => wallet (WebExtensions) |
| 2023-04-13 20:37 | Florian Dold | Category | wallet (WebExtensions) => wallet (WebExtension) |