Make ___.prepareModule more paranoid

Change cajita.js prepareModule to be more paranoid about what it exposes
to the Cajita programmer. We wish to preserve the invariant that the module
object exposed to Cajita is transitively immutable.

In the old way, the debugging information on top-level modules was not being
frozen, and was being copied into the module exposed to Cajita, thus serving
as a communication channel.

[ihab.awad, 2009-09-10 22:38:25]

Ping.

[maoziqing, 2009-09-10 22:50:00]

On 2009/09/10 22:38:25, ihab.awad wrote:
> Ping.

LGTM. Sorry, I missed the original message.

[ihab.awad, 2009-09-21 18:10:58]

Jas, I made a bunch of changes here ... could you please look over this and
confirm LGTM?

The idea is to whitelist into module objects exposed to Cajita by the module
system only those properties of the "raw" Caja module literal that are
necessary, and ensure these properties do not provide a communication channel
(i.e., are transitively frozen).

[Jasvir, 2009-09-21 20:43:02]

LGTM

[Jasvir, 2009-09-21 20:43:40]

http://codereview.appspot.com/115041/diff/4002/4004
File src/com/google/caja/cajita.js (right):

http://codereview.appspot.com/115041/diff/4002/4004#newcode2716
Line 2716: setStatic(theModule, 'includedModules',
___.freeze(module.includedModules));
This is transitive freeze because includedModules is merely an array of strings.

[ihab.awad, 2009-09-21 20:45:25]

http://codereview.appspot.com/115041/diff/4002/4004
File src/com/google/caja/cajita.js (right):

http://codereview.appspot.com/115041/diff/4002/4004#newcode2716
Line 2716: setStatic(theModule, 'includedModules',
___.freeze(module.includedModules));
On 2009/09/21 20:43:40, jasvir wrote:
> This is transitive freeze because includedModules is merely an array of
strings.
> 

Thanks - added a comment.

[ihab.awad, 2009-09-21 21:26:57]

@3732