Updates:
Labels: -Priority-High -Private -Security Priority-Low
Comment #4 on issue 1752 by erights: Host object leaked without being
tamed: "valueOf()"
http://code.google.com/p/google-caja/issues/detail?id=1752
Agreed. And independently verified that the leaked object is the scope
object.
Since the scope object is safe to "leak", this is not a security issue.
Rather it is a previously unknown consequence of a known gotcha:
https://code.google.com/p/google-caja/wiki/SES#this_-binding_of_Global_Function_Calls ,
which needs revision to document that it leaks the scope object rather than
the imports object. Why aren't our mitigations fixing this, as documented
there?
Declassifying and removing the Security tag. Not closing but changing to
low priority, because the resulting taming complaint still makes this a
previously unknown and annoying bug. Your diagnosis of the problem seems
correct, but I don't see an obvious way to fix isDefinedInCajaFrame.