https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/compileExprLater.js
File src/com/google/caja/ses/compileExprLater.js (right):
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/compileExprLater.js#newcode18
src/com/google/caja/ses/compileExprLater.js:18: * outcome of attempting
to compile the argument expression.
On 2014/01/21 18:26:20, kpreid2 wrote:
This comment doesn't explain what compileExprLater is useful for. Is
it just a
relic of designing for ES5/3 compatibility?
Done.
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/compileExprLater.js#newcode94
src/com/google/caja/ses/compileExprLater.js:94:
JSON.stringify(prep.options) + ')));' + prep.suffixSrc;
On 2014/01/21 18:26:20, kpreid2 wrote:
It would be nice if it was made more obvious that the generated code
was
well-formed and escaping-correct, but I have no specific ideas on how
to do so.
Done, in the sense that "more obvious" does not imply "obvious" ;).
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/debug.js
File src/com/google/caja/ses/debug.js (right):
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/debug.js#newcode212
src/com/google/caja/ses/debug.js:212:
framePatterns.some(function(framePattern) {
On 2014/01/21 18:26:20, kpreid2 wrote:
Not using return value is odd, maybe point out you're using this for a
breakable
array iterator?
Done.
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/debug.js#newcode221
src/com/google/caja/ses/debug.js:221: span = [[+sub[2],+sub[3]]];
On 2014/01/21 18:26:20, kpreid2 wrote:
space after comma, no strong reason not to
Done.
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/startSES.js
File src/com/google/caja/ses/startSES.js (right):
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/startSES.js#newcode847
src/com/google/caja/ses/startSES.js:847: // TODO(erights): validate
On 2014/01/21 18:26:20, kpreid2 wrote:
Clarify this comment for maintainers who aren't you.
Done. Turns out there was a security issue as well -- the possibility
that the sourceURL might be multiline, and thereby escape the line
comment. Fixed that as well. PTAL.
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/useHTMLLogger.js
File src/com/google/caja/ses/useHTMLLogger.js (right):
https://codereview.appspot.com/54760043/diff/2/src/com/google/caja/ses/useHTMLLogger.js#newcode148
src/com/google/caja/ses/useHTMLLogger.js:148: appendText(link, urlText);
On 2014/01/21 18:26:20, kpreid2 wrote:
This can be link.textContent = urlText.
Done. Thanks.
https://codereview.appspot.com/54760043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
