Fixes several problems in our support for safe debugging.
Fixes https://code.google.com/p/google-caja/issues/detail?id=1516
The UnsafeError object was exposed to privileged code as a property on
ses. Since the ses is accessible only to privileged code, this is not
a vulnerability, but it does violate a stated invariant. Caught by
trying to verify SES using S5
http://blog.brownplt.org/2011/11/11/s5-javascript-semantics.html
Fixes https://code.google.com/p/google-caja/issues/detail?id=1963
Rewires the Error inheritance hierarchy to stay compatible with ES6
while staying safe.
Fixes https://code.google.com/p/google-caja/issues/detail?id=1964
On non-v8, debug.js detects of Error.prototype.stack is an accessor
property. If so, grab its getter for its own internal use. This now
provides proper encapsulation of stack information on FF40
Nightly in addition to the encapsulation we have long had on v8.
Fixes https://code.google.com/p/google-caja/issues/detail?id=1965
When detecting a url into the rawgit service that matches a common
pattern, useHTMLLogger renders this as a link that takes you to the
corresponding page on github with the correct line highlighted.
https://codereview.appspot.com/226970043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
