https://codereview.appspot.com/10075043/diff/2001/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):
https://codereview.appspot.com/10075043/diff/2001/src/com/google/caja/ses/repairES5.js#newcode3901
src/com/google/caja/ses/repairES5.js:3901: * reactions to tests and
repairs. Off for now because this is
Unfortunately said client-controlled reactions are unsuitable for this
case because we have no notion of SES 'containing' repairES5 (e.g.
there's only one maxSeverity state and correspondingly only one 'client'
interface).
I think it would be a worthwhile idea to introduce that, but until then
I recommend that we consider this a SAFE_SPEC_VIOLATION (with comments
explaining why). Then we can turn it on right now, including having
resolveOptions use it to decide whether to force parseProgram on.
https://codereview.appspot.com/10075043/diff/2001/src/com/google/caja/ses/whitelist.js
File src/com/google/caja/ses/whitelist.js (right):
https://codereview.appspot.com/10075043/diff/2001/src/com/google/caja/ses/whitelist.js#newcode75
src/com/google/caja/ses/whitelist.js:75: * can retire all "skip" entries
by the time SES is ready for secure
There are no longer any 'skip' entries. Should we retire the skip
mechanism itself, now? If not, should these comments be lightly updated?
https://codereview.appspot.com/10075043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
