ses/* stuff LGTM.
I am not an expert on either typed arrays or DOMExceptions, so my LGTM
should be interpreted accordingly.
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js#newcode2617
src/com/google/caja/ses/repairES5.js:2617: new DataView(new ArrayBuffer(1)).getInt8(-1);
Should we also be testing what a[-1] indexing does? (Obviously, if it
does something bad we can't repair it. But at least we'd know.)
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js#newcode4069
src/com/google/caja/ses/repairES5.js:4069: // DOMException is poisonous to WeakMaps on FF so we choose not to
Do we test for that? What bug is filed for that?
Is it worth case splitting on whether DOMException can be safe on a
given browser?
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js
File src/com/google/caja/ses/whitelist.js (right):
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode449
src/com/google/caja/ses/whitelist.js:449: length: t, // does not inherit Function on Chrome
inherit from Function.
That's weird and worth filing a bug on.
Are these currently Chrome issues or v8 issues? Is any of this typed
array stuff available in v8 outside the browser (e.g., NodeJS)?
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode453
src/com/google/caja/ses/whitelist.js:453: byteLength: 'accessor',
From the description of "accessor" in the doccomment at the top of this
file, on browsers where these are instead data properties, this will not
whitelist them. Is that what you want?
What browsers have you tested this on?
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode458
src/com/google/caja/ses/whitelist.js:458: length: t, // does not inherit Function on Chrome
likewise
https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode480
src/com/google/caja/ses/whitelist.js:480: length: t, // does not inherit Function on Chrome
Likewise
https://codereview.appspot.com/12801043/
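
Added example, not part of the review above and not Caja/SES code: a small probe that reports, for whatever engine runs it, the behaviours the review asks about (the out-of-range DataView read, a[-1] indexing, whether byteLength is an accessor or a data property, and whether the typed array constructors inherit from Function). The function names are hypothetical and the results depend on the engine.

```javascript
// Added illustration, not Caja/SES code; all function names are hypothetical.

// Report the name of the error fn throws, or 'no throw'.
function thrownName(fn) {
  try { fn(); } catch (e) { return e && e.name; }
  return 'no throw';
}

// Find the object on the prototype chain that defines `name` and classify
// the property as 'accessor' or 'data' ('missing' if nothing defines it).
function propertyKind(obj, name) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const desc = Object.getOwnPropertyDescriptor(o, name);
    if (desc) return ('get' in desc || 'set' in desc) ? 'accessor' : 'data';
  }
  return 'missing';
}

function probeTypedArrays() {
  const a = new Int8Array(1);
  const buf = new ArrayBuffer(1);
  return {
    // Expression quoted from repairES5.js:2617 in the review.
    dataViewNegativeOffset: thrownName(() => new DataView(buf).getInt8(-1)),
    // a[-1]: does a write throw, stick, or get dropped?
    negativeIndexWrite: thrownName(() => { a[-1] = 7; }),
    negativeIndexRead: a[-1],
    negativeIndexIsOwnProperty: Object.prototype.hasOwnProperty.call(a, '-1'),
    inBoundsElementIntact: a[0] === 0,
    // The review notes that an 'accessor' whitelist entry will not cover a
    // data property, so a 'data' result here flags that case on this engine.
    byteLengthKind: {
      ArrayBuffer: propertyKind(buf, 'byteLength'),
      Int8Array: propertyKind(a, 'byteLength'),
      DataView: propertyKind(new DataView(buf), 'byteLength'),
    },
    // The "does not inherit Function" comment on the constructors.
    constructorInheritsFunction: Int8Array instanceof Function,
  };
}

console.log(probeTypedArrays());
```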