It is possible to programmatically construct a parse tree containing
conditionals where the rendered form attaches an else to the wrong
conditional.

For example, it is possible to programmatically move
    if (foo) bar();
into the body of
    if (baz) @body else boo();
which should result in the structure
    if (baz) { if (foo) bar(); } else boo();
but which naively renders to
    if (baz) if (foo) bar(); else boo();
which is equivalent to
    if (baz) { if (foo) bar(); else boo(); }

Our code does not do this right now -- we are liberal with blocks --
so this does not constitute an attack vector.

This adds a method to Statement, hasHangingConditional, and changes
the Conditional.render to add curly braces when the structure would
require them to resolve ambiguity.

Please look especially at the definition and use of
hasHangingConditional in Conditional.java and the tests in ParserTest.java.
Submitted @3842
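
The rendering ambiguity described above, as an added JavaScript example that is not code from this change or from the Caja project: a small statement renderer that braces the then-branch only when a following else would otherwise be captured. The node shapes, the `render` function and the rule that loop-like wrappers defer to their body are assumptions made for illustration; only the name hasHangingConditional comes from the description, and the example goes beyond the single case it gives by covering loop bodies and else-if chains.

```javascript
// Added illustration, not Caja's Java. Node shapes below are assumptions.
const expr = (src) => ({ type: 'expr', src });
const block = (...body) => ({ type: 'block', body });
const cond = (test, then, otherwise = null) => ({ type: 'if', test, then, otherwise });
const loop = (head, body) => ({ type: 'loop', head, body }); // while/for/with/label

// True when the rendered statement ends in an `if` that has no `else`,
// so an `else` token written right after it would attach to that `if`.
function hasHangingConditional(s) {
  switch (s.type) {
    case 'if':
      return s.otherwise === null || hasHangingConditional(s.otherwise);
    case 'loop':
      return hasHangingConditional(s.body); // the body is rendered last
    default:
      return false; // a block ends in `}`, an expression statement in `;`
  }
}

// disambiguate=false reproduces the naive rendering from the description.
function render(s, disambiguate = true) {
  const r = (n) => render(n, disambiguate);
  switch (s.type) {
    case 'expr': return s.src + ';';
    case 'block': return '{ ' + s.body.map(r).join(' ') + ' }';
    case 'loop': return s.head + ' ' + r(s.body);
    case 'if': {
      const head = 'if (' + s.test + ') ';
      if (s.otherwise === null) return head + r(s.then);
      // Brace the then-branch only when the following else would be captured.
      const wrap = disambiguate && hasHangingConditional(s.then);
      const then = wrap ? '{ ' + r(s.then) + ' }' : r(s.then);
      return head + then + ' else ' + r(s.otherwise);
    }
    default: throw new Error('unknown node type: ' + s.type);
  }
}

// The case from the description: `if (foo) bar();` moved into `if (baz) @body else boo();`
const inner = cond('foo', expr('bar()'));
const outer = cond('baz', inner, expr('boo()'));
console.log(render(outer, false)); // naive
console.log(render(outer));        // disambiguated
```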

Stats (+131 lines, -9 lines)

Status | File | Chunks | Delta | Comments
M | src/com/google/caja/parser/js/Block.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/BreakStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/CatchStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/Conditional.java | 2 chunks | +14 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ContinueStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/DebuggerStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/Declaration.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/DoWhileLoop.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ExpressionStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/FinallyStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ForEachLoop.java | 1 chunk | +4 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ForLoop.java | 1 chunk | +4 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/LabeledStmtWrapper.java | 1 chunk | +4 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/MultiDeclaration.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/Noop.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ReturnStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/Statement.java | 1 chunk | +6 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/SwitchCase.java | 1 chunk | +6 lines, -2 lines | 0 comments
M | src/com/google/caja/parser/js/SwitchStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/ThrowStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/TranslatedCode.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/TryStmt.java | 1 chunk | +2 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/UseSubsetDirective.java | 3 chunks | +8 lines, -6 lines | 0 comments
M | src/com/google/caja/parser/js/WhileLoop.java | 1 chunk | +4 lines, -0 lines | 0 comments
M | src/com/google/caja/parser/js/WithStmt.java | 2 chunks | +5 lines, -1 line | 0 comments
M | tests/com/google/caja/parser/js/ParserTest.java | 4 chunks | +44 lines, -0 lines | 0 comments

Total messages: 2