Revision: 5648
Author: erights
Date: Thu Dec 19 19:42:39 2013 UTC
Log: Adds some extra SES tests
https://codereview.appspot.com/43490045
Adds test for IE11 strict nested function defs scoping bug.
Adds stack display to explicit.html
Corrects some typos
[email protected]
http://code.google.com/p/google-caja/source/detail?r=5648
Modified:
/trunk/src/com/google/caja/plugin/caja.js
/trunk/src/com/google/caja/ses/debug.js
/trunk/src/com/google/caja/ses/explicit.html
/trunk/src/com/google/caja/ses/logger.js
/trunk/src/com/google/caja/ses/repairES5.js
/trunk/src/com/google/caja/ses/startSES.js
=======================================
--- /trunk/src/com/google/caja/plugin/caja.js Thu Oct 24 19:11:23 2013 UTC
+++ /trunk/src/com/google/caja/plugin/caja.js Thu Dec 19 19:42:39 2013 UTC
@@ -425,7 +425,16 @@
// safe given that we use exactly one SES frame
'FREEZE_IS_FRAME_DEPENDENT': { 'permit': true },
- 'SYNTAX_ERRORS_ARENT_ALWAYS_EARLY': { 'permit': true }
+ 'SYNTAX_ERRORS_ARENT_ALWAYS_EARLY': { 'permit': true },
+
+ // Only affects code with strict nested function defs, which
+ // violates the ES5.1 recommendation stated at
+ //
http://wiki.ecmascript.org/doku.php?id=conventions:recommendations_for_implementors.
+ // Thus, the NESTED_STRICT_FUNCTIONS_LEAK
+ // doesn't affect SES as long as SES remains
+ // compatible with ES5 implementations that follow that
+ // recommendation.
+ 'NESTED_STRICT_FUNCTIONS_LEAK': { 'permit': true }
};
}
ses['mitigateSrcGotchas'] = function() {
=======================================
--- /trunk/src/com/google/caja/ses/debug.js Wed Aug 7 17:46:21 2013 UTC
+++ /trunk/src/com/google/caja/ses/debug.js Thu Dec 19 19:42:39 2013 UTC
@@ -163,7 +163,7 @@
(function() {
var FFFramePattern = (/^([^@]*)@(.*?):?(\d*)$/);
- // stacktracejs.org suggests that this indicates FF. Really?
+ // stacktracejs.com suggests that this indicates FF. Really?
function getCWStack(err) {
var stack = err.stack;
if (!stack) { return void 0; }
=======================================
--- /trunk/src/com/google/caja/ses/explicit.html Fri Aug 23 20:27:28 2013
UTC
+++ /trunk/src/com/google/caja/ses/explicit.html Thu Dec 19 19:42:39 2013
UTC
@@ -152,6 +152,31 @@
})();
</script>
+<script>
+ (function() {
+ "use strict";
+ if (!ses.ok()) {
+ return;
+ }
+
+ var src =
+ 'function foo() { throw Error("Expand me to see stack"); }\n' +
+ 'function foo2() { foo(); }\n' +
+ 'function foo3() { foo2(); }\n' +
+ 'foo3();\n';
+
+ try {
+ cajaVM.eval(src);
+ } catch (err) {
+ // The ses.logger installed by useHTMLLogger.js uses ses.getStack
+ // to display the stack, if any, associated with the err argument.
+ ses.logger.info('Expected error to test ses.getStack API: ', err);
+ return;
+ }
+ ses.logger.error('Missing expected error');
+ }());
+</script>
+
<script src="makeQ.js"></script>
<script src="makeFarResourceMaker.js"></script>
<script src="compileExprLater.js"></script>
=======================================
--- /trunk/src/com/google/caja/ses/logger.js Thu Feb 14 22:31:30 2013 UTC
+++ /trunk/src/com/google/caja/ses/logger.js Thu Dec 19 19:42:39 2013 UTC
@@ -163,8 +163,8 @@
// We don't do "console.apply" because "console" is not a function
// on IE 10 preview 2 and it has no apply method. But it is a
// callable that Function.prototype.apply can successfully apply.
- // This code most work on ES3 where there's no bind. When we
- // decide support defensiveness in contexts (frames) with mutable
+ // This code must work on ES3 where there's no bind. When we
+ // decide to support defensiveness in realms with mutable
// primordials, we will need to revisit the "call" below.
apply.call(console[level], console, [''].concat(args));
=======================================
--- /trunk/src/com/google/caja/ses/repairES5.js Mon Oct 28 23:24:18 2013 UTC
+++ /trunk/src/com/google/caja/ses/repairES5.js Thu Dec 19 19:42:39 2013 UTC
@@ -2852,6 +2852,41 @@
return fail;
});
}
+
+ /**
+ * Detects
+ *
https://connect.microsoft.com/IE/feedback/details/811124/ie11-javascript-function-scoping-is-weird-with-respect-to-functions-and-try-catch
+ * in strict code.
+ *
+ * A strict nested function definition should either be a syntax
+ * error, as
+ *
http://wiki.ecmascript.org/doku.php?id=conventions:recommendations_for_implementors
+ * recommends, or it should stay local to its block, as ES6
+ * specifies. Within that block, an assignment to that function's
+ * name should assign to the block-local variable defined by that
+ * function.
+ */
+ function test_NESTED_STRICT_FUNCTIONS_LEAK() {
+ try {
+ return unsafeEval(
+ '(function() {\n' +
+ ' "use strict";\n' +
+ ' var a = function good() { return false; };\n' +
+ ' try {\n' +
+ ' function a() { return true; }' +
+ ' a = function blah() {\n' +
+ ' return "Assignment skipped nested function
definition";\n' +
+ ' };\n' +
+ ' } catch (x) {}\n' +
+ ' return a();\n' +
+ '})();\n');
+ } catch (err) {
+ if (err instanceof SyntaxError) {
+ return false;
+ }
+ return 'Unexpected error from strict nested function: ' + err;
+ }
+ }
////////////////////// Repairs /////////////////////
//
@@ -4526,6 +4561,18 @@
// appears on Safari only
sections: ['15.2.3.9', '15.2.3.12'],
tests: [] // hopefully will be in ES6 tests
+ },
+ {
+ id: 'NESTED_STRICT_FUNCTIONS_LEAK',
+ description: 'Strict nested functions leak from block scope',
+ test: test_NESTED_STRICT_FUNCTIONS_LEAK,
+ repair: void 0,
+ preSeverity: severities.UNSAFE_SPEC_VIOLATION,
+ canRepair: false,
+ urls:
['https://connect.microsoft.com/IE/feedback/details/811124/ie11-javascript-function-scoping-is-weird-with-respect-to-functions-and-try-catch',
+
'http://wiki.ecmascript.org/doku.php?id=conventions:recommendations_for_implementors'],
+ sections: [],
+ tests: [] // hopefully will be in ES6 tests
}
];
=======================================
--- /trunk/src/com/google/caja/ses/startSES.js Mon Oct 28 23:24:18 2013 UTC
+++ /trunk/src/com/google/caja/ses/startSES.js Thu Dec 19 19:42:39 2013 UTC
@@ -781,11 +781,11 @@
ses.makeCompiledExpr = makeCompiledExpr;
/**
- * Compiles {@code src} as a strict expression into a function
+ * Compiles {@code exprSrc} as a strict expression into a function
* of an {@code imports}, that when called evaluates {@code
* exprSrc} in a virtual global environment whose {@code this} is
- * bound to that {@code imports}, and whose free variables
- * refer only to the properties of that {@code imports}.
+ * bound to that {@code imports}, and whose free variables refer
+ * only to the properties of that {@code imports}.
*
* <p>The optional {@code opt_mitigateOpts} can be used to control
* which transformations are applied to src, if they are
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
