https://codereview.appspot.com/10205043/diff/20001/src/com/google/caja/ses/startSES.js
File src/com/google/caja/ses/startSES.js (right):
https://codereview.appspot.com/10205043/diff/20001/src/com/google/caja/ses/startSES.js#newcode934
src/com/google/caja/ses/startSES.js:934: if
(limitSrcCharset(modSrc).error) {
On 2013/07/01 19:14:49, kpreid_google wrote:
This condition feels too fragile: it will quietly fail insecure if we
change the
format of the return value of limitSrcCharset such that it no longer
has a
'error' field and don't update this to match.
For example, the alternative without changing anything else would be
!('programSrc' in limitSrcCharset(modSrc)), but that doesn't look
particularly
nice — not sure what to do.
Done.
https://codereview.appspot.com/10205043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
