https://codereview.appspot.com/10205043/diff/20001/src/com/google/caja/ses/startSES.js
File src/com/google/caja/ses/startSES.js (right):
https://codereview.appspot.com/10205043/diff/20001/src/com/google/caja/ses/startSES.js#newcode934
src/com/google/caja/ses/startSES.js:934: if
(limitSrcCharset(modSrc).error) {
This condition feels too fragile: it will quietly fail insecure if we
change the format of the return value of limitSrcCharset such that it no
longer has a 'error' field and don't update this to match.
For example, the alternative without changing anything else would be
!('programSrc' in limitSrcCharset(modSrc)), but that doesn't look
particularly nice — not sure what to do.
https://codereview.appspot.com/10205043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
