Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(159)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 116047: Unbundled synchronous loading for Cajita and ServerJS modules (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
16 years, 6 months ago by maoziqing
Modified:
16 years, 6 months ago
Reviewers:
ihab.awad
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

Synchronous modules are retrieved before the container is instantiated. The load object is created given the current identifier and an identifier resolver.

Patch Set 1 #

Total comments: 7

Patch Set 2 : Unbundled synchronous loading for Cajita and ServerJS modules #

Total comments: 24

Patch Set 3 : Unbundled synchronous loading for Cajita and ServerJS modules #

Patch Set 4 : Unbundled synchronous loading for Cajita and ServerJS modules #

Unified diffs Side-by-side diffs Delta from patch set Stats (+700 lines, -300 lines) Patch
M build.xml View 1 2 2 chunks +17 lines, -4 lines 0 comments Download
M src/com/google/caja/cajita.js View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M src/com/google/caja/cajita-module.js View 1 2 6 chunks +170 lines, -63 lines 0 comments Download
A + src/com/google/caja/commonjs-sandbox.js View 1 chunk +36 lines, -56 lines 0 comments Download
M src/com/google/caja/parser/quasiliteral/CajitaRewriter.java View 1 2 5 chunks +27 lines, -9 lines 0 comments Download
M src/com/google/caja/parser/quasiliteral/DefaultValijaRewriter.java View 1 2 1 chunk +60 lines, -0 lines 0 comments Download
M src/com/google/caja/serverjs-sandbox.js View 1 2 1 chunk +0 lines, -104 lines 0 comments Download
M tests/com/google/caja/a.js View 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/add.js View 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/c.js View 1 chunk +19 lines, -0 lines 0 comments Download
A + tests/com/google/caja/commonJsRecursion.js View 2 chunks +20 lines, -1 line 0 comments Download
M tests/com/google/caja/demos/applet/caja-applet-cajita-golden.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/demos/applet/caja-applet-valija-golden.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/foo/b.js View 1 chunk +19 lines, -0 lines 0 comments Download
A tests/com/google/caja/foo/f.js View 1 2 1 chunk +21 lines, -0 lines 0 comments Download
M tests/com/google/caja/foo/inc.js View 2 1 chunk +20 lines, -1 line 0 comments Download
A tests/com/google/caja/foo/staticinc.js View 1 2 1 chunk +23 lines, -0 lines 0 comments Download
M tests/com/google/caja/opensocial/example-rewritten.xml View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/parser/quasiliteral/ModuleFormatTest.java View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/parser/quasiliteral/c.js View 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/parser/quasiliteral/foo/b.js View 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/parser/quasiliteral/testModule.co.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M tests/com/google/caja/parser/quasiliteral/x.js View 1 chunk +19 lines, -0 lines 0 comments Download
M tests/com/google/caja/plugin/domita_test.html View 1 2 7 chunks +21 lines, -25 lines 0 comments Download
M tests/com/google/caja/plugin/domita_test_untrusted.html View 1 2 8 chunks +80 lines, -25 lines 0 comments Download
M tests/com/google/caja/recursion.js View 1 2 2 chunks +20 lines, -1 line 0 comments Download
D tests/com/google/caja/serverJsRecursion.js View 1 chunk +0 lines, -10 lines 0 comments Download
M tests/com/google/caja/service/CajolingServiceTest.java View 1 2 3 chunks +3 lines, -0 lines 0 comments Download
A tests/com/google/caja/sum.js View 1 2 1 chunk +23 lines, -0 lines 0 comments Download
M tests/com/google/caja/x.js View 1 chunk +19 lines, -0 lines 0 comments Download

Messages

Total messages: 4
maoziqing
16 years, 6 months ago (2009-09-05 00:03:08 UTC) #1
maoziqing
addressed the following comments http://codereview.appspot.com/116047/diff/1/14 File src/com/google/caja/cajita-module.js (right): http://codereview.appspot.com/116047/diff/1/14#newcode121 Line 121: r.resolve(cache[mid]); cache should maintain ...
16 years, 6 months ago (2009-09-09 22:48:41 UTC) #2
ihab.awad
LGTM with comments. If you have the time, it would be nice to add copyright ...
16 years, 6 months ago (2009-09-10 21:07:21 UTC) #3
maoziqing
16 years, 6 months ago (2009-09-11 01:33:11 UTC) #4 
committed version: 3724

http://codereview.appspot.com/116047/diff/21/35
File src/com/google/caja/cajita-module.js (right):

http://codereview.appspot.com/116047/diff/21/35#newcode95
Line 95: for (var i=0; i<size; i++) {
On 2009/09/10 21:07:23, ihab.awad wrote:
> Code style: Spaces around "=" and "<"

Done.

http://codereview.appspot.com/116047/diff/21/35#newcode140
Line 140: + "module "+ mid + " failed."));
On 2009/09/10 21:07:23, ihab.awad wrote:
> Code style: Spaces around "+"

Done.

http://codereview.appspot.com/116047/diff/21/37
File src/com/google/caja/parser/quasiliteral/CajitaRewriter.java (right):

http://codereview.appspot.com/116047/diff/21/37#newcode243
Line 243: {
On 2009/09/10 21:07:23, ihab.awad wrote:
> Code style: Move opening brace 1 line up.

Done.

http://codereview.appspot.com/116047/diff/21/37#newcode263
Line 263: 
On 2009/09/10 21:07:23, ihab.awad wrote:
> Extra blank line?

Done.

http://codereview.appspot.com/116047/diff/21/39
File src/com/google/caja/serverjs-sandbox.js (right):

http://codereview.appspot.com/116047/diff/21/39#newcode20
Line 20: var serverJsSandboxMaker = (function(env, valijaMaker, loadMaker) {
On 2009/09/10 21:07:23, ihab.awad wrote:
> So ... since you wrote this code, ServerJS is now called CommonJS. :) I think
> it's perfectly ok to check in this CL as-is and rename later though.

Done.

http://codereview.appspot.com/116047/diff/21/39#newcode26
Line 26: function resolveModuleId(mid, src) {
On 2009/09/10 21:07:23, ihab.awad wrote:
> As we discussed, this is here only to provide "require.moduleId" for CommonJS
> compliance.
> 
> I vote we make "moduleId" a public field of the Cajita-level secured module
> object and simplify things at this level. If we decide this is not secure
> enough, we can always just say that, for security reasons, the Caja
> implementation of CommonJS does not support "require.moduleId".

Done.

http://codereview.appspot.com/116047/diff/21/39#newcode82
Line 82: };
On 2009/09/10 21:07:23, ihab.awad wrote:
> Code style: Extra semicolon?

Done.

http://codereview.appspot.com/116047/diff/21/39#newcode97
Line 97: var load = loadMaker(mid, resolveModuleId);
On 2009/09/10 21:07:23, ihab.awad wrote:
> Would you be able to eliminate the call to loadMaker if the Cajita-level
secured
> module exposed its "load" as a field?
> 
> If so, I vote we expose "load" from the Cajita-level secured module, simplify
> the code here, then start to work how to make it more secure.
> 
> The problem is that module ID resolvers are not unique -- there can be many --
> and it would be a very confusing event if the CommonJS-level one were
different
> from the underlying Cajita one.

Done.

http://codereview.appspot.com/116047/diff/21/39#newcode108
Line 108: "Loading module " + newMid + "failed, " + reason));
On 2009/09/10 21:07:23, ihab.awad wrote:
> Space in "failed..."?

Done.

http://codereview.appspot.com/116047/diff/21/30
File tests/com/google/caja/plugin/domita_test.html (right):

http://codereview.appspot.com/116047/diff/21/30#newcode99
Line 99: <div id="untrusted_content" class="xyz___"
On 2009/09/10 21:07:23, ihab.awad wrote:
> The original (left hand side) is newer.

Done.

http://codereview.appspot.com/116047/diff/21/30#newcode189
Line 189: (new Function(htmlAndScript[2]))();
On 2009/09/10 21:07:23, ihab.awad wrote:
> The original (left hand side) is newer.

Done.

http://codereview.appspot.com/116047/diff/21/31
File tests/com/google/caja/plugin/domita_test_untrusted.html (right):

http://codereview.appspot.com/116047/diff/21/31#newcode2987
Line 2987: function testStaticServerJsModule() {
On 2009/09/10 21:07:23, ihab.awad wrote:
> Indent this line with the preceding single quote (for consistency with rest of
> file).

Done.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b