[Caja] Re: Remove ES5/3 artifacts from taming membrane (issue 14605043)

Mon, 14 Oct 2013 12:55:36 -0700 


https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js
File src/com/google/caja/plugin/ses-frame-group.js (right):

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js#newcode41
src/com/google/caja/plugin/ses-frame-group.js:41: // we called it with
(void 0), which would be a serious vulnerability.
On 2013/10/11 21:54:53, kpreid_google wrote:

"_Would_ be a serious vulnerability" is both too strong and unclear

about what

the problem actually is. There is only a vulnerability if the function

is

exophoric (and ends up doing something non-harmless to its this).


Done.

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/ses-frame-group.js#newcode42
src/com/google/caja/plugin/ses-frame-group.js:42: var USELESS =
Object.freeze({ USELESS: 'USELESS' });
On 2013/10/11 21:54:53, kpreid_google wrote:

Not relevant per se, but I think it'd be nice to give this a toString.

ES5/3's

USELESS had one.


Done.

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-membrane.js
File src/com/google/caja/plugin/taming-membrane.js (right):

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-membrane.js#newcode22
src/com/google/caja/plugin/taming-membrane.js:22: function
TamingMembrane(privilegedAccess, schema) {
On 2013/10/11 21:54:53, kpreid_google wrote:

I note that the name privilegedAccess is somewhat less fitting than it

used to

be (but allFrames and weakMapPermitHostObjects are still a big deal).

No need to

change the name now, but something to think about.


Done.

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-schema.js
File src/com/google/caja/plugin/taming-schema.js (left):

https://codereview.appspot.com/14605043/diff/9001/src/com/google/caja/plugin/taming-schema.js#oldcode111
src/com/google/caja/plugin/taming-schema.js:111: if
(privilegedAccess.isDefinedInCajaFrame(f)) {
On 2013/10/11 21:54:53, kpreid_google wrote:

As noted on previous version, please leave this in for now.


Done.

https://codereview.appspot.com/14605043/

--
--- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to