[Caja] Re: Make ERRORS_HAVE_INVISIBLE_PROPERTIES repairable. (issue 9864044)

Fri, 31 May 2013 13:53:10 -0700 

Please rereview as I didn't do exactly what you said.


https://codereview.appspot.com/9864044/diff/3001/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):

https://codereview.appspot.com/9864044/diff/3001/src/com/google/caja/ses/repairES5.js#newcode3059
src/com/google/caja/ses/repairES5.js:3059: // the forEach binds this to
the error instance
On 2013/05/30 16:44:12, MarkM wrote:

Technically this terminology is wrong. forEach doesn't "bind" it in

the sense

of making a new bound function. It does invoke it with the error

instance

bound to "this", which accurately describes the point you're making.


Rephrased.

https://codereview.appspot.com/9864044/diff/3001/src/com/google/caja/ses/repairES5.js#newcode3066
src/com/google/caja/ses/repairES5.js:3066: // Note: not adequate for
cross-frame use, but we currently don't care
On 2013/05/30 16:44:12, MarkM wrote:

This will no longer be safe once SES allows mutation of [[Prototype]]

on

extensible objects.


Good point.

(On the other hand, this problem is a SAFE_SPEC_VIOLATION, and the worst
that can be done to guest code using it could equally well be done if we
permitted proxies. We only care(d) about it because we thought it might
interfere with whitelisting.)


Let's abstract this into an isError predicate, and for now
define isError as checking that objToString.call(object) ends with

"Error]".

Object.prototype.toString is clearly superior. For some reason, I was
under the impression it didn't work for Error, and I now have verified
that that is false.

Done, except that I don't see great value in extracting it to a
predicate.


This will also not be an adequate check in SES-on-ES6


How so? ES6 is not allowing setting [[Class]], is it? Or will there ways
to have user-defined objects for which Object.prototype.toString varies?

https://codereview.appspot.com/9864044/

--
--- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to