https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js
File src/com/google/caja/ses/repairES5.js (right):

https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js#newcode2617
src/com/google/caja/ses/repairES5.js:2617: new DataView(new ArrayBuffer(1)).getInt8(-1);
On 2013/08/12 21:05:24, MarkM wrote:
Should we also be testing what a[-1] indexing does? (Obviously, if it does
something bad we can't repair it. But at least we'd know.)

DataView has no numeric indexing; it is specifically for accessing
heterogeneous data, so the answers depend on the type specified by the
choice of method.

https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/repairES5.js#newcode4069
src/com/google/caja/ses/repairES5.js:4069: // DOMException is poisonous to WeakMaps on FF so we choose not to
On 2013/08/12 21:05:24, MarkM wrote:
Do we test for that? What bug is filed for that?

If I recall correctly, this is another instance of Firefox's WeakMaps
not accepting some objects (the original problem was event objects). Or
it might be our emulated WeakMaps — I don't quite recall.

Is it worth case splitting on whether DOMException can be safe on a given
browser?

No, because the future is Typed Arrays as specified in ES6, which
naturally do not throw DOMException. This is also consistent with
https://codereview.appspot.com/12694044/ which passes DOMExceptions
across the membrane losing their type (it is not possible to do
otherwise).

https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js
File src/com/google/caja/ses/whitelist.js (right):

https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode449
src/com/google/caja/ses/whitelist.js:449: length: t,  // does not inherit Function on Chrome
On 2013/08/12 21:05:24, MarkM wrote:
inherit from Function.
That's weird and worth filing a bug on.

This is a general tendency of objects whose implementation is "DOM API"
rather than "JavaScript". I believe it will go away when implementations
follow the lead of ES6.

Is any of this typed array stuff available in v8 outside the browser
(e.g., NodeJS)?

Yes, node.js supports typed arrays.

https://codereview.appspot.com/12801043/diff/1/src/com/google/caja/ses/whitelist.js#newcode453
src/com/google/caja/ses/whitelist.js:453: byteLength: 'accessor',
On 2013/08/12 21:05:24, MarkM wrote:
From the description of "accessor" in the doccomment at the top of this file,
on browsers where these are instead data properties, this will not whitelist
them. Is that what you want?

On browsers where they are data properties, they are also on instances
rather than prototypes. Therefore the whitelist does not affect them.

What browsers have you tested this on?

Firefox, Chrome, and Safari as of now.

...and we have a bigger problem: typeof ArrayBuffer === 'object' on
Safari, and ES5/3 specifically rejects marking a non-function as a
function. This change may have to wait until that bug is fixed or ES5/3
is gone. Or, we could have a hook to override the typeof check in the
finite set of problematic cases.

https://bugs.webkit.org/show_bug.cgi?id=114457 might be the relevant
report.

https://codereview.appspot.com/12801043/

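The three conformance questions raised in this review (what an out-of-range `DataView` read does, what `typeof ArrayBuffer` reports, and whether `byteLength` is a prototype accessor or an instance data property) can be checked with a small probe. This is an added example, not part of the original message and not Caja's repairES5.js code; `probeTypedArrays`, its result keys and the `legacyEnv` stub are hypothetical names constructed for illustration.

```javascript
// Added example, not Caja code. probeTypedArrays and its result keys are
// hypothetical names; `g` is the global object of the environment under test.
function probeTypedArrays(g) {
  const result = {};

  // typeof check: ES5/3 rejects marking a non-function as a function, so a
  // constructor reporting 'object' cannot be whitelisted as a function.
  result.constructorTypeof = typeof g.ArrayBuffer;

  // Out-of-range read: must throw instead of returning a value. Record the
  // error name so a DOMException can be told apart from a RangeError.
  try {
    const v = new g.DataView(new g.ArrayBuffer(1)).getInt8(-1);
    result.outOfRangeRead = 'returned ' + String(v);
  } catch (e) {
    result.outOfRangeRead = 'threw ' + String(e && e.name);
  }

  // byteLength placement: an accessor on the prototype is what an 'accessor'
  // whitelist entry describes; an own data property on the instance is the
  // other layout mentioned in the thread.
  const buf = new g.ArrayBuffer(4);
  const own = Object.getOwnPropertyDescriptor(buf, 'byteLength');
  const proto = Object.getOwnPropertyDescriptor(g.ArrayBuffer.prototype, 'byteLength');
  const kind = (d) => ('get' in d || 'set' in d ? 'accessor' : 'data');
  if (own) result.byteLength = 'instance ' + kind(own);
  else if (proto) result.byteLength = 'prototype ' + kind(proto);
  else result.byteLength = 'missing';
  return result;
}

// Constructed stand-in for an engine with instance data properties and no
// bounds check, to show what the probe reports in that case.
function LegacyBuffer(n) { this.byteLength = n; }
function LegacyView(buffer) { this.buffer = buffer; }
LegacyView.prototype.getInt8 = function (offset) { return 0; };
const legacyEnv = { ArrayBuffer: LegacyBuffer, DataView: LegacyView };

console.log('this engine:', probeTypedArrays(globalThis));
console.log('constructed legacy stub:', probeTypedArrays(legacyEnv));
```
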