Comment #4 on issue 1072 by ihab.awad: Provide support for signed Caja
modules
http://code.google.com/p/google-caja/issues/detail?id=1072
Interesting idea. I think I like it.
A disadvantage is that it requires the client to do a string *replace*
rather than a
mere string *truncate* in order to obtain the signed text. As you state, an
advantage
is that the signed text contains more of the structure, and a simple regex
can be
used to strip out the signature from the last line. A disadvantage is that,
to the
extent that this regex is simple, the verifier must split the module text
into lines
and reassemble.
Btw, we don't have to have *2* last lines; they could be merged into one:
signature: "..." });
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
