Reviewers: kpreid2, MarkM,

Description:
this addresses
https://code.google.com/p/google-caja/issues/detail?id=1374

callWithEjector is not generally safe to use casually, because careless
or malicious code can interfere with the ejection mechanism. This CL
documents that limitation, and also unpublishes callWithEjector and
eject, since they don't appear to have any external uses.

Please review this at https://codereview.appspot.com/13343047/

Affected files:
  M     src/com/google/caja/es53.js
  M     src/com/google/caja/ses/ejectorsGuardsTrademarks.js
  M     src/com/google/caja/ses/whitelist.js


Index: src/com/google/caja/es53.js
===================================================================
--- src/com/google/caja/es53.js (revision 5589)
+++ src/com/google/caja/es53.js (working copy)
@@ -1703,6 +1703,12 @@
    * at which point the ejector is disabled. Calling a disabled
    * ejector throws.
    *
+   * <p>Note that the ejector relies on {@code try..catch}, so
+   * it's not entirely bulletproof. The {@code attemptFunc} can
+   * block an {@code eject} with a {@code try..catch} or a
+   * {@code try..finally} that throws, so you should be careful
+   * about what code is run in the attemptFunc.
+   *
    * <p>Historic note: This was first invented by John C. Reynolds in
    * <a href="http://doi.acm.org/10.1145/800194.805852";
    * >Definitional interpreters for higher-order programming
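Review bot: The added note in this comment understates how an eject can be blocked: besides a "try..finally that throws", a finally block that exits with return (or break/continue out of an enclosing loop) also discards the in-flight throw, and the same applies to any code that attemptFunc calls, not only attemptFunc itself. I'd reword to cover "any code run during attemptFunc" and replace "you should be careful" with a concrete rule, for example that only code trusted not to intercept the ejection may run inside attemptFunc.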
@@ -5613,8 +5619,6 @@

       // Guards and Trademarks
       identity: identity,
-      callWithEjector: callWithEjector,
-      eject: eject,
       GuardT: GuardT,
       Trademark: Trademark,
       guard: guard,
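Review bot: The removal of callWithEjector and eject from this exported record is an API change with no trace left at the site. The description only says they "don't appear to have any external uses", so please leave a short comment here pointing at issue 1374 and stating that they are intentionally unpublished, so a later cleanup does not re-add them next to identity and GuardT.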
Index: src/com/google/caja/ses/ejectorsGuardsTrademarks.js
===================================================================
--- src/com/google/caja/ses/ejectorsGuardsTrademarks.js (revision 5589)
+++ src/com/google/caja/ses/ejectorsGuardsTrademarks.js (working copy)
@@ -97,6 +97,12 @@
      * at which point the ejector is disabled. Calling a disabled
      * ejector throws.
      *
+     * <p>Note that the ejector relies on {@code try..catch}, so
+     * it's not entirely bulletproof. The {@code attemptFunc} can
+     * block an {@code eject} with a {@code try..catch} or a
+     * {@code try..finally} that throws, so you should be careful
+     * about what code is run in the attemptFunc.
+     *
      * <p>Historic note: This was first invented by John C. Reynolds in
      * <a href="http://doi.acm.org/10.1145/800194.805852";
      * >Definitional interpreters for higher-order programming
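Review bot: This comment block is a word-for-word copy of the one added in es53.js, so the two will drift the next time either is edited; consider having one refer to the other, or at least fix both together. Style nit on the last added line: "the attemptFunc" is not wrapped in {@code ...} while the earlier mention in the same paragraph is.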
@@ -361,8 +367,6 @@
////////////////////////////////////////////////////////////////////////

     return freeze({
-      callWithEjector: constFunc(callWithEjector),
-      eject: constFunc(eject),
       makeSealerUnsealerPair: constFunc(makeSealerUnsealerPair),
       GuardT: GuardT,
       makeTableGuard: constFunc(makeTableGuard),
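Review bot: With callWithEjector and eject dropped from the frozen record, nothing in this hunk shows whether they are still referenced inside the module. The doc comment kept in the hunk above implies the definitions stay, so please confirm there are remaining internal callers; if not, the functions are now dead code and should be removed or marked as internal-only in their comment.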
Index: src/com/google/caja/ses/whitelist.js
===================================================================
--- src/com/google/caja/ses/whitelist.js        (revision 5589)
+++ src/com/google/caja/ses/whitelist.js        (working copy)
@@ -126,8 +126,6 @@
       makeImports: t,
       copyToImports: t,

-      callWithEjector: t,
-      eject: t,
       GuardT: {
         coerce: t
       },
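Review bot: Dropping the two whitelist entries matches the export removal in ejectorsGuardsTrademarks.js, but nothing here prevents them from being whitelisted again later. A test asserting that callWithEjector and eject are absent from the published object would pin the behaviour this CL intends, and would also catch the case where one file is reverted without the other.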

