On 2015/04/27 23:49:20, MarkM wrote:
Hi Kevin, I'm done. So either this is all your's now, or you can walk
me through
submitting this to github.
https://codereview.appspot.com/226970043/diff/60001/src/com/google/caja/ses/debug.js
File src/com/google/caja/ses/debug.js (right):
https://codereview.appspot.com/226970043/diff/60001/src/com/google/caja/ses/debug.js#newcode86
src/com/google/caja/ses/debug.js:86: [EvalError, RangeError,
ReferenceError,
SyntaxError, TypeError, URIError
On 2015/04/20 17:48:50, kpreid_google wrote:
> What happens if this list is out of sync with the whitelist?
Because of our new __proto__ test, it should fail safe, which is why
https://code.google.com/p/google-caja/issues/detail?id=1963 could be
filed as a
public bug. As an experiment just now, removing URIError from the list
above
caused SES to fail safe on Chrome 44 Canary with:
Max Severity: Not isolated(5) is not SES-safe.
[-] 1 unexpected intrinsic. Not isolated(5) is not SES-safe.
URIError.__proto__
But going the other way -- leaving URIError in the above list but
deleting it
from whitelist.js -- did not provoke a diagnostic. Instead, URIError
is rewired
by not whitelisted, which is still safe.
> If it's silent and bad, add a warning to the whitelist.
>
> Or, perhaps we could derive this list from the whitelist, ensuring
it's in
sync?
I just added comments to debug.js and whitelist.js documenting that
these lists
need to be kept in sync.
Done.
https://codereview.appspot.com/226970043/
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
