lgtm

vague meta-concern: I find it very hard to audit the scanner rules
meaningfully, and I'm not sure what would help. it seems that there are
two types of bugs we'd care about:

1. wrongly marking a bad situation as ok.
2. failing to exercise a function in some meaningful way.

and I have little confidence I'll notice either type of bug. I think
this is the third or fourth time I've looked at the scanner in detail,
and it hasn't really gotten easier with practice.

https://codereview.appspot.com/13024043/diff/7001/tests/com/google/caja/plugin/test-scan-guest.js
File tests/com/google/caja/plugin/test-scan-guest.js (right):
https://codereview.appspot.com/13024043/diff/7001/tests/com/google/caja/plugin/test-scan-guest.js#newcode1062
tests/com/google/caja/plugin/test-scan-guest.js:1062: G.apply(function() { return new RegExp('f(.*)o'); }));
maybe also interesting to have a regex with the /g flag?
https://codereview.appspot.com/13024043/