Status: New
Owner: erights
Labels: Type-Defect Priority-Medium Component-Other
New issue 1904 by erights: Make mitigations options more modular and less
error prone.
http://code.google.com/p/google-caja/issues/detail?id=1904
As indicated in comments #8 and #12 at
https://codereview.appspot.com/67720043/ :
At #8 Kevin wrote:
On 2014/03/11 23:31:21, kpreid_google wrote:
> Insofar as SES should be able to hypothetically exist as a separate
library
> which Caja depends on, it would be nice if such coordination were
somehow
> not necessary.
I agree. Suggestions?
Well, from the perspective of the dependencies,
evaluateUntrustedExternalScript
does what it does because it wants to avoid mitigation on the premise that
it
has content which either is already rewritten or doesn't care. On those
grounds
the rewriter-or-not-carer should be supplying the relevant options.
More practically, we could have SES export an appropriate options structure
for
the no-mitigation goal, which evaluateUntrustedExternalScript then passes
back
in.
At #12 Jasvir wrote:
in the absence of a compiler that checks the enum, it would help
defend against future errors/misspellings/option renames if mitigateOpts was
checked for unexpected own keys.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
