https://codereview.appspot.com/14605043/diff/1/src/com/google/caja/plugin/taming-schema.js
File src/com/google/caja/plugin/taming-schema.js (left):
https://codereview.appspot.com/14605043/diff/1/src/com/google/caja/plugin/taming-schema.js#oldcode111
src/com/google/caja/plugin/taming-schema.js:111: if
(privilegedAccess.isDefinedInCajaFrame(f)) {
On 2013/10/11 20:39:55, ihab.awad wrote:
On 2013/10/11 01:16:27, kpreid_google wrote:
> Why is this constraint no longer needed?
There is now no foundational difference between objects anywhere, and
we may
choose to use Caja in a mode where we bundle the taming and guest code
into
the same frame.
We already do: post-ES5/3, there are never distinct taming and guest
frames. And that is irrelevant, because this restriction is about host
vs. Caja frames, not taming vs. guest frames.
I am leery of removing this restriction because it might create
confusion about whether something is a 'native' cap-styled object vs.
one in need of taming. I would prefer to consider it separately. Maybe
add a TODO or issue to review the idea?
https://codereview.appspot.com/14605043/diff/1/tests/com/google/caja/plugin/test-defensible-objects.js
File tests/com/google/caja/plugin/test-defensible-objects.js (right):
https://codereview.appspot.com/14605043/diff/1/tests/com/google/caja/plugin/test-defensible-objects.js#newcode38
tests/com/google/caja/plugin/test-defensible-objects.js:38:
assertEquals('USELESS', this.USELESS);
On 2013/10/11 20:39:55, ihab.awad wrote:
I started this CL hoping to Bobbitt the whole idea of USELESS once and
for
good. I failed. I then figured, well at least we should not have this
thing that we pass around all over tarnation. Looking back at the
carnage,
I guess that was a ... um ... USELESS goal. :P
I agree with all of the above.
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js
File src/com/google/caja/plugin/ses-frame-group.js (right):
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js#newcode41
src/com/google/caja/plugin/ses-frame-group.js:41: // we called it with
(void 0), which would be a serious vulnerability.
"_Would_ be a serious vulnerability" is both too strong and unclear
about what the problem actually is. There is only a vulnerability if the
function is exophoric (and ends up doing something non-harmless to its
this).
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js#newcode42
src/com/google/caja/plugin/ses-frame-group.js:42: var USELESS =
Object.freeze({ USELESS: 'USELESS' });
Not relevant per se, but I think it'd be nice to give this a toString.
ES5/3's USELESS had one.
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-membrane.js
File src/com/google/caja/plugin/taming-membrane.js (right):
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-membrane.js#newcode22
src/com/google/caja/plugin/taming-membrane.js:22: function
TamingMembrane(privilegedAccess, schema) {
I note that the name privilegedAccess is somewhat less fitting than it
used to be (but allFrames and weakMapPermitHostObjects are still a big
deal). No need to change the name now, but something to think about.
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-schema.js
File src/com/google/caja/plugin/taming-schema.js (left):
https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-schema.js#oldcode111
src/com/google/caja/plugin/taming-schema.js:111: if
(privilegedAccess.isDefinedInCajaFrame(f)) {
As noted on previous version, please leave this in for now.
https://codereview.appspot.com/14605043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
