LGTM pending the examination of mstarzinger's fix that I suggest below.
I would be surprised (pleasantly!) if this CL survives that examination.
https://codereview.appspot.com/8806045/diff/1/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):
https://codereview.appspot.com/8806045/diff/1/src/com/google/caja/ses/repairES5.js#newcode2880
src/com/google/caja/ses/repairES5.js:2880: function repair_OBJECT_CREATE() {
This looks very much like my earlier attempt at repair that I gave up
on. The problem is that, in the presence of this bug, many things
besides Object.create were also broken. In short, look for all the
places that mstarzinger's fix to this bug touched. If any of these are
not fixed by this repair, and are fatal to us when unrepaired, that
would be bad.
https://codereview.appspot.com/8806045/diff/1/src/com/google/caja/ses/repairES5.js#newcode2887
src/com/google/caja/ses/repairES5.js:2887: // "1. If Type(O) is not Object or Null throw a TypeError exception."
This spec language does not correspond to testing
(typeof O !== 'object'). Instead,
(typeof O !== 'object' && typeof O !== 'function') would be valid. Or,
if you check for null first, this test could be (O !== Object(O)). The
second is arguably more robust (even if less efficient) because it does
not depend on knowing all the typeof possibilities exhaustively.
https://codereview.appspot.com/8806045/
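
The three type checks discussed in the comment on line 2887, compared side by side. This is an added example, not part of the original message and not code from repairES5.js. The names guards, nativeAccepts, samples and disagreements are hypothetical, and the example assumes it runs on an engine whose native Object.create implements step 1 correctly, so that it can serve as the reference.

```javascript
'use strict';

// Candidate guards for ES5 Object.create step 1:
// "If Type(O) is not Object or Null throw a TypeError exception."
// Each returns true when O should be ACCEPTED as a prototype.
const guards = {
  // Accepting only typeof 'object' (i.e. throwing on typeof O !== 'object').
  typeofObjectOnly: (O) => typeof O === 'object',
  // First form suggested in the review.
  typeofObjectOrFunction: (O) =>
    typeof O === 'object' || typeof O === 'function',
  // Second form: null checked first, then identity under Object().
  nullOrObjectIdentity: (O) => O === null || O === Object(O),
};

// Reference: native Object.create throws TypeError exactly when
// Type(O) is neither Object nor Null (assumed correct on this engine).
function nativeAccepts(O) {
  try {
    Object.create(O);
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false;
    throw e;
  }
}

// Constructed sample values covering each typeof result of interest.
const samples = [
  ['plain object', {}],
  ['array', []],
  ['null', null],
  ['function', function () {}],
  ['number', 1],
  ['string', 'x'],
  ['boolean', true],
  ['undefined', undefined],
];

// Labels of the samples on which a guard disagrees with the reference.
function disagreements(guardName) {
  const guard = guards[guardName];
  return samples
    .filter(([, value]) => guard(value) !== nativeAccepts(value))
    .map(([label]) => label);
}

for (const name of Object.keys(guards)) {
  console.log(name, '->', JSON.stringify(disagreements(name)));
}
```
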