Comment #2 on issue 1374 by felix8a: Audit uses of ejector since SES does
not allow uncatchable exceptions
http://code.google.com/p/google-caja/issues/detail?id=1374
so.. if I understand this correctly, the concern is that the attemptFunc
might have a try..catch that intercepts a thrown ejection token and throws
something else instead, interfering with the expected control flow.
callWithEjector is only called in ses/ejectorsGuardsTrademarks.js, by
passesGuard().
there are no uses of try/catch that will capture the ejection token, and no
way to introduce such a try..catch.
I suppose for paranoia we could unpublish callWithEjector since there don't
seem to be any public uses of it, or maybe just add a comment about safe
usage.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
