https://codereview.appspot.com/247900043/diff/1/src/com/google/caja/es53.js
File src/com/google/caja/es53.js (right):

https://codereview.appspot.com/247900043/diff/1/src/com/google/caja/es53.js#newcode721
src/com/google/caja/es53.js:721: if (fn.ok___ && fn.hasOwnProperty('ok___')) { return fn; }
On 2015/06/09 23:18:18, metaweta wrote:
…, we should switch to setting fn.ok___ = fn on line 731 and elsewhere,
and test for that here.

Done.

https://codereview.appspot.com/247900043/diff/1/src/com/google/caja/es53.js#newcode2633
src/com/google/caja/es53.js:2633: // native ES5 accessors.
On 2015/06/09 22:59:22, Mark S. Miller wrote:
On 2015/06/09 22:54:57, kpreid_google wrote:
> Yes, that's what https://github.com/google/caja/issues/1967 is. Chrome 44 has
> Function.prototype.arguments and Function.prototype.caller accessors which
> throw.

But we don't whitelist these, do we? Can this be an issue for properties we
don't whitelist?

We poison them; look for
Function.prototype.DefineOwnProperty___('caller', ...)

https://codereview.appspot.com/247900043/
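
As an added illustration (not part of the review thread and not Caja's code): the line-721 check quoted above tests a truthy `ok___` plus `hasOwnProperty`, while the suggested mark is `fn.ok___ = fn`. The sketch below compares the two checks on constructed functions; every helper name is hypothetical, and the two scenarios are assumptions chosen for illustration, not a statement about what Caja-confined code can do.

```javascript
// Added illustration; every helper name here is hypothetical, not from es53.js.

// Two ways to mark a vetted function.
function markFlag(fn) { fn.ok___ = true; return fn; }  // truthy flag
function markSelf(fn) { fn.ok___ = fn; return fn; }    // self-reference

// The check shape quoted at line 721: truthy value plus own-property test.
function isOkOwnProp(fn) {
  return !!(fn.ok___ && fn.hasOwnProperty('ok___'));
}

// Check for the self-reference mark: one identity comparison, no method
// lookup on fn, and an inherited mark can never equal the inheriting object.
function isOkSelfRef(fn) {
  return fn.ok___ === fn;
}

// Constructed case 1: an unmarked function whose prototype is a marked one,
// so reading ok___ finds the parent's mark.
function inheriting(marked) {
  const f = function unvetted() {};
  Object.setPrototypeOf(f, marked);
  return f;
}

// Constructed case 2: as case 1, but the object also carries its own
// hasOwnProperty that always answers true.
function inheritingWithShadow(marked) {
  const f = inheriting(marked);
  f.hasOwnProperty = function () { return true; };
  return f;
}

// Run both checks over a genuinely marked function and the two constructed cases.
function compareChecks() {
  const flagged = markFlag(function a() {});
  const selfMarked = markSelf(function b() {});
  const run = (check, m) => ({
    marked: check(m),
    inherited: check(inheriting(m)),
    shadowed: check(inheritingWithShadow(m)),
  });
  return { ownProp: run(isOkOwnProp, flagged), selfRef: run(isOkSelfRef, selfMarked) };
}

console.log(compareChecks());
```
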
