On Thu, Apr 10, 2014 at 8:13 AM, Joe Gibbs Politz <[email protected]>wrote:
> https://www.npmjs.org/package/ses > > The initSES.js there gives different answers for me in Chrome for spec > violations than I get from loading https://caja.appspot.com/caja.js, so I > think it's at least somewhat out of date (though it seems to agree with the > es-lab version). It hasn't been updated in a year, so I'm assuming I > shouldn't trust it long-term, but it's so convenient I'd be happy to be > told otherwise. > I do not recommend using anything but the latest version of SES, assuming you want security and not just the semblance of it. We occasionally have to patch browser bugs with little notice. > Is that version at all semi-official or maintained, do you guys know? > It is not official. Our own repository is the only reliably-updated source for SES (that I know of). If not, is my best bet just checking out the Caja repo and loading SES from > there? > Yes, that is what I would recommend. -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
