Revision: 5590
Author: [email protected]
Date: Wed Sep 4 04:54:27 2013 UTC
Log: unpublish callWithEjector
https://codereview.appspot.com/13343047
this addresses https://code.google.com/p/google-caja/issues/detail?id=1374
callWithEjector is not generally safe to use casually, because careless
or malicious code can interfere with the ejection mechanism. This CL
documents that limitation, and also unpublishes callWithEjector and
eject, since they don't appear to have any external uses.
R=markm
http://code.google.com/p/google-caja/source/detail?r=5590
Modified:
/trunk/src/com/google/caja/es53.js
/trunk/src/com/google/caja/ses/ejectorsGuardsTrademarks.js
/trunk/src/com/google/caja/ses/whitelist.js
=======================================
--- /trunk/src/com/google/caja/es53.js Wed Aug 21 20:22:22 2013 UTC
+++ /trunk/src/com/google/caja/es53.js Wed Sep 4 04:54:27 2013 UTC
@@ -1703,6 +1703,12 @@
* at which point the ejector is disabled. Calling a disabled
* ejector throws.
*
+ * <p>Note that the ejector relies on {@code try..catch}, so
+ * it's not entirely bulletproof. The {@code attemptFunc} can
+ * block an {@code eject} with a {@code try..catch} or a
+ * {@code try..finally} that throws, so you should be careful
+ * about what code is run in the attemptFunc.
+ *
* <p>Historic note: This was first invented by John C. Reynolds in
* <a href="http://doi.acm.org/10.1145/800194.805852";
* >Definitional interpreters for higher-order programming
@@ -5613,8 +5619,6 @@
// Guards and Trademarks
identity: identity,
- callWithEjector: callWithEjector,
- eject: eject,
GuardT: GuardT,
Trademark: Trademark,
guard: guard,
=======================================
--- /trunk/src/com/google/caja/ses/ejectorsGuardsTrademarks.js Wed Mar 7
22:43:07 2012 UTC
+++ /trunk/src/com/google/caja/ses/ejectorsGuardsTrademarks.js Wed Sep 4
04:54:27 2013 UTC
@@ -97,6 +97,12 @@
* at which point the ejector is disabled. Calling a disabled
* ejector throws.
*
+ * <p>Note that the ejector relies on {@code try..catch}, so
+ * it's not entirely bulletproof. The {@code attemptFunc} can
+ * block an {@code eject} with a {@code try..catch} or a
+ * {@code try..finally} that throws, so you should be careful
+ * about what code is run in the attemptFunc.
+ *
* <p>Historic note: This was first invented by John C. Reynolds in
* <a href="http://doi.acm.org/10.1145/800194.805852";
* >Definitional interpreters for higher-order programming
@@ -361,8 +367,6 @@
////////////////////////////////////////////////////////////////////////
return freeze({
- callWithEjector: constFunc(callWithEjector),
- eject: constFunc(eject),
makeSealerUnsealerPair: constFunc(makeSealerUnsealerPair),
GuardT: GuardT,
makeTableGuard: constFunc(makeTableGuard),
=======================================
--- /trunk/src/com/google/caja/ses/whitelist.js Thu Jul 25 16:32:48 2013 UTC
+++ /trunk/src/com/google/caja/ses/whitelist.js Wed Sep 4 04:54:27 2013 UTC
@@ -126,8 +126,6 @@
makeImports: t,
copyToImports: t,
- callWithEjector: t,
- eject: t,
GuardT: {
coerce: t
},
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
