Issue 13343047: unpublish callWithEjector

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 13343047: unpublish callWithEjector (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
12 years, 6 months ago by felix8a

Modified:
12 years, 6 months ago

Reviewers:
Mark S. Miller, kpreid2, MarkM

CC:
google-caja-discuss_googlegroups.com

Base URL:
http://google-caja.googlecode.com/svn/trunk/

Visibility:
Public.

More Reviews

Description

this addresses https://code.google.com/p/google-caja/issues/detail?id=1374 callWithEjector is not generally safe to use casually, because careless or malicious code can interfere with the ejection mechanism. This CL documents that limitation, and also unpublishes callWithEjector and eject, since they don't appear to have any external uses.

Patch Set 1 #

Created: 12 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+12 lines, -6 lines)			Patch
M	src/com/google/caja/es53.js	View	2 chunks	+6 lines, -2 lines	0 comments	Download
M	src/com/google/caja/ses/ejectorsGuardsTrademarks.js	View	2 chunks	+6 lines, -2 lines	0 comments	Download
M	src/com/google/caja/ses/whitelist.js	View	1 chunk	+0 lines, -2 lines	0 comments	Download

Messages

Total messages: 5

Expand All Messages | Collapse All Messages

MarkM

LGTM. Should this module still be called "ejectorsGuardsTrademarks"?

12 years, 6 months ago (2013-09-04 01:00:18 UTC) #2

kpreid2

On 2013/09/04 01:00:18, MarkM wrote: > LGTM. > > Should this module still be called ...

12 years, 6 months ago (2013-09-04 02:19:22 UTC) #3

Mark S. Miller

12 years, 6 months ago (2013-09-04 18:25:32 UTC) #5

On Tue, Sep 3, 2013 at 7:19 PM, <kpreid.switchb.org@gmail.com> wrote:

> On 2013/09/04 01:00:18, MarkM wrote:
>
>> LGTM.
>>
>
>  Should this module still be called "ejectorsGuardsTrademarks"?
>>
>
> MarkM, I am surprised you approve of reducing the “standard
> library” features of SES in this way.

I like the functionality of ejectors, but I am uncomfortable with the
implications of doing this as a library rather than directly in the
language, due to the unavoidable interactions with throw/try/catch/finally.
Hiding this now, before customers rely on it, is still easy. If we decide
we wish to expose it again later, that would also be easy.

>
>
>
https://codereview.appspot.**com/13343047/<https://codereview.appspot.com/133...
>
> --
>
> ---You received this message because you are subscribed to the Google
> Groups "Google Caja Discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
google-caja-discuss+**unsubscribe@googlegroups.com<google-caja-discuss%2Bunsu...
> .
> For more options, visit
https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/o...
> .
>

-- 
    Cheers,
    --MarkM

Expand All Messages | Collapse All Messages