On Fri, Jun 19, 2015 at 3:02 PM, 'Kevin Reid' via Google Caja Discuss <
[email protected]
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&[email protected]>
> wrote:
> In startSES.js, we have the following function which normalizes the
> mitigation options. If it is passed null/undefined, parseFunctionBody will
> be true, but if it is passed {}, parseFunctionBody will be false. Why?
>
The text in startSES (which I think I wrote) says:
If {@code opt_mitigateOpts} is {@code undefined ||
null} then all default transformations are applied
which implies that these should be the same. I see from the code below that
the null/undefined settings differ from the fully default settings only for
parseFunctionBody. I see no mention of parseFunctionBody in either code or
comments that would explain a rationale for having these differ. If I in
fact wrote these to differ (as I think I did) I did not write down anything
that reminds me of why, and I cannot currently construct a reason.
I think it should default to false in both cases. Also we should refactor
this code so these decisions are expressed only once. That way they are
less likely to get out of sync.
>
> The context of this question is that I was considering using the sourceUrl
> option where it was not previously present, and doing so will currently
> change other behavior unless I override that option.
>
> function resolveOptions(opt_mitigateOpts) {
> function resolve(opt, defaultOption) {
> return (opt_mitigateOpts && opt in opt_mitigateOpts) ?
> opt_mitigateOpts[opt] : defaultOption;
> }
> var options = {};
> if (opt_mitigateOpts === undefined || opt_mitigateOpts === null) {
> options.maskReferenceError = true;
> options.parseFunctionBody = true;
> options.sourceUrl = void 0;
>
> options.rewriteTopLevelVars = true;
> options.rewriteTopLevelFuncs = true;
> options.rewriteFunctionCalls = true;
> options.rewriteTypeOf = false;
> options.forceParseAndRender = false;
> } else {
> options.maskReferenceError = resolve('maskReferenceError', true);
> options.parseFunctionBody = resolve('parseFunctionBody', false);
> options.sourceUrl = resolve('sourceUrl', void 0);
>
> options.rewriteTopLevelVars = resolve('rewriteTopLevelVars', true);
> options.rewriteTopLevelFuncs = resolve('rewriteTopLevelFuncs', true);
> options.rewriteFunctionCalls = resolve('rewriteFunctionCalls', true);
> options.rewriteTypeOf = resolve('rewriteTypeOf',
> !options.maskReferenceError);
> options.forceParseAndRender = resolve('forceParseAndRender', false);
> }
> return options;
> }
>
--
Cheers,
--MarkM
--
---
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
