Reviewers: MarkM,
Description: Replaces the stopgap fix to security issue 978 with a longer term solution. http://code.google.com/p/google-caja/issues/detail?id=978 However, our current implementation of JSON.parse omits the reviver parameter. So long as the reviver is omitted, it is fine to wait until a JSON parse completes to post process with something like initializeMap. But once we support the ES3.1 JSON API (i.e., approximately the json2.js API), then we need to do our postprocessing before any user-provided reviver is run. On platforms implementing the ES3.1 JSON directly, can have the built in JSON implementation do all this interleaved with parsing, in one pass. To do so, we'd provide a tamedJSON whose parse wraps the user-provided reviver in one that first applies our own postprocess before invoking the user provided reviver. Please review this at http://codereview.appspot.com/27090 Affected files: M src/com/google/caja/cajita.js M tests/com/google/caja/CajitaTest.java
