LGTM

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/exportsToSES.js
File src/com/google/caja/ses/exportsToSES.js (right):

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/exportsToSES.js#newcode30
src/com/google/caja/ses/exportsToSES.js:30: "use strict";
single quotes

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js#newcode730
src/com/google/caja/ses/repairES5.js:730: // This case is likely sympomatic of an attack. But the
"symptomatic"

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js#newcode756
src/com/google/caja/ses/repairES5.js:756: newSrc = ses.mitigateSrcGotchas(funcBodySrc,
Somewhere it should be documented that caja.js swaps out this function
and therefore uses of it must not close over the value at init time.

(And if that weren't the case, I would tell you to close over the value
so we're not doing an extra property lookup at runtime, and so that the
non-frozen 'ses' object is irrelevant after initialization.)

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js#newcode764
src/com/google/caja/ses/repairES5.js:764: safeError = new Error(error.message);
Would it be worthwhile to copy SyntaxErrors as SyntaxErrors here?

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js#newcode771
src/com/google/caja/ses/repairES5.js:771: if (newSrc !== funcBodySrc) {
Please add a comment explaining why this comparison is meaningful. It's
not obvious:

If ses.mitigateSrcGotchas (with these parameters) is expected to return
the input source, under what circumstances would it _not_ do so, and
what does it return instead? If it is expected to transform the input
source, under what circumstances would it return a result equal to the
input?

https://codereview.appspot.com/10181043/diff/41001/src/com/google/caja/ses/repairES5.js#newcode772
src/com/google/caja/ses/repairES5.js:772: throw new SyntaxError("Failed to parse program");
single quotes

https://codereview.appspot.com/10181043/
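
An added illustration of the binding trade-off raised in the comment on repairES5.js line 756 (not part of the review message or the Caja code base). The namespace object and its `mitigate` function are hypothetical stand-ins for `ses` and `ses.mitigateSrcGotchas`, and the freeze step is an assumption about how a non-frozen object could be locked down once the swap is done.

```javascript
// Constructed stand-in for a non-frozen namespace object such as `ses`.
// `mitigate` is a hypothetical placeholder, not the real mitigateSrcGotchas.
function makeNamespace() {
  return { mitigate: function (src) { return 'default:' + src; } };
}

// Early binding: capture the function value once, at init time.
// Later writes to ns.mitigate, legitimate or not, are never seen.
function makeEarlyBound(ns) {
  var mitigate = ns.mitigate;
  return function (src) { return mitigate(src); };
}

// Late binding: look the property up on every call.
// An intended swap takes effect, but so does any other write to ns.
function makeLateBound(ns) {
  return function (src) { return ns.mitigate(src); };
}

// A loader replaces the function after initialization, which is what the
// review says caja.js does. Only the late-bound caller picks up the swap.
function swapAfterInit() {
  var ns = makeNamespace();
  var early = makeEarlyBound(ns);
  var late = makeLateBound(ns);
  ns.mitigate = function (src) { return 'swapped:' + src; };
  return { early: early('x'), late: late('x') };
}

// Assumption: once the intended swap is complete, freezing the namespace
// makes the per-call lookup stable again. Returns true if a later write
// was rejected and the original function is still in place.
function writeAfterFreeze() {
  var ns = Object.freeze(makeNamespace());
  var original = ns.mitigate;
  try {
    ns.mitigate = function () { return 'tampered'; };
  } catch (e) {
    // Strict-mode code gets a TypeError; sloppy-mode code fails silently.
  }
  return ns.mitigate === original;
}

console.log(swapAfterInit(), writeAfterFreeze());
```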
