Updates:
Status: Accepted
Owner: kpreid.switchb.org
Cc: erights
Labels: -Priority-Medium Priority-High SES
Comment #5 on issue 1756 by kpreid.switchb.org: Chrome Canary 29 now seems
to be classified as unsafe
http://code.google.com/p/google-caja/issues/detail?id=1756
This is still present and is definitely a V8 bug. Minimal reproduction
(outside of Caja) showing its odd statefulness:
    var a = Object.freeze([1]); a.push(2); a.length
    1
    var a = Object.freeze([1]); a.push(2); a.length
    2
Linked the V8 bug from repairES5.js @r5483.
Note that, unlike at the time of the report, this problem will be repaired
by repair_PUSH_IGNORES_SEALED, at the cost of much slower .push() — unless
running in NO_KNOWN_EXPLOIT_SPEC_VIOLATION mode. That's arguably a bug in
the API; filed issue 1808.
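A conformance check for the behaviour described in the comment above, as an added example that is not part of the original message and is not Caja's repairES5.js code. The names pushIgnoresFrozen, guardedPush and makeFlakyPush are hypothetical, and the faulty push is a constructed stand-in, since a script cannot reproduce the engine bug itself.

```javascript
'use strict';

// True when push() on a frozen array fails to throw a TypeError or changes
// the array. Repeated because the report above only misbehaved on a later run.
function pushIgnoresFrozen(push, rounds) {
  for (let i = 0; i < (rounds || 5); i++) {
    const a = Object.freeze([1]);
    let threw = false;
    try {
      push.call(a, 2);
    } catch (e) {
      threw = e instanceof TypeError;
    }
    if (!threw || a.length !== 1 || 1 in a) return true;
  }
  return false;
}

// Hypothetical repair: check extensibility and length writability in script
// before delegating, so a faulty built-in never sees a protected array.
function guardedPush(originalPush) {
  return function push(...items) {
    if (Array.isArray(this) && items.length > 0) {
      const len = Object.getOwnPropertyDescriptor(this, 'length');
      if (!Object.isExtensible(this) || !len.writable) {
        throw new TypeError('push on a non-extensible or fixed-length array');
      }
    }
    return originalPush.apply(this, items);
  };
}

// Constructed stand-in for a faulty engine (assumption, not V8's behaviour):
// correct on the first call, then silently skips the TypeError.
function makeFlakyPush() {
  let calls = 0;
  return function (...items) {
    if (++calls === 1 || Object.isExtensible(this)) {
      return Array.prototype.push.apply(this, items);
    }
    return this.length;
  };
}

console.log('native push ignores frozen:', pushIgnoresFrozen(Array.prototype.push));
console.log('flaky push ignores frozen:', pushIgnoresFrozen(makeFlakyPush()));
console.log('guarded flaky push:', pushIgnoresFrozen(guardedPush(makeFlakyPush())));
```

A single-round check misses the stand-in's fault, which is why the detector repeats the probe. The wrapper runs its checks on every call, which is overhead the built-in does not pay.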