Updates:
Labels: -Priority-Medium Priority-High
Comment #1 on issue 1817 by erights: SES should not judge unsafe a platform
with a non-whitelisted frozen pure-data property
http://code.google.com/p/google-caja/issues/detail?id=1817
It is not a FF or ES6 spec bug. It is a Caja bug, and thus a more urgent
one. I closed out the FF bug at comment 3 with:
Anything new and non-deletable is something we're stuck with, and so must
be *obviously* safe to software that didn't expect to see it but cannot
delete it. Fortunately, non-configurable non-writable data properties whose
values are primitive data, like Number.EPSILON fulfills this criteria, so
such software should learn not to be too terrified when it sees such
surprises -- as is now filed at
https://code.google.com/p/google-caja/issues/detail?id=1817.
My impression was that a very small number of special constants were made
immutable, like NaN and undefined, and that virtually all other built-in
properties are configurable -- and hence monkey patchable by an
initialization script (like initSES). I was about to give Math.PI as an
example, but looking just now I see that it, and the other builtin numeric
Math constants, are also non-configurable and non-writable, so I withdraw
the notion that this is either a Mozilla or spec bug. Closing this out as
RESOLVED-INVALID. The bug is thus purely on the Caja side, and higher
priority on that side. Thanks!
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
