Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(765)

Issue 222570043: Whitelists non-std %IteratorPrototype%.next (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
8 years, 11 months ago by MarkM
Modified:
8 years, 11 months ago
Reviewers:
kpreid_google
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on some FF betas. Also change the whitelisting of %Generator%.prototype(.next, .return, .throw) from t to *, since inheriting these should be safe. NOTE: Not tested yet. Not to be submitted until tested.

Patch Set 1 #

Patch Set 2 : Whitelists non-std %IteratorPrototype%.next #

Patch Set 3 : Whitelists non-std %IteratorPrototype%.next #

Total comments: 4

Patch Set 4 : Whitelists non-std %IteratorPrototype%.next #

Total comments: 2

Patch Set 5 : Whitelists non-std %IteratorPrototype%.next #

Total comments: 5

Patch Set 6 : Whitelists non-std %IteratorPrototype%.next #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+150 lines, -21 lines) Patch
M src/com/google/caja/ses/explicit.html View 1 2 3 4 3 chunks +5 lines, -5 lines 0 comments Download
M src/com/google/caja/ses/repairES5.js View 1 2 3 4 5 8 chunks +87 lines, -10 lines 1 comment Download
M src/com/google/caja/ses/startSES.js View 1 2 3 4 5 5 chunks +32 lines, -3 lines 0 comments Download
M src/com/google/caja/ses/whitelist.js View 1 2 3 4 5 2 chunks +26 lines, -3 lines 0 comments Download

Messages

Total messages: 14
MarkM
8 years, 11 months ago (2015-04-13 18:20:30 UTC) #1
MarkM
Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on ...
8 years, 11 months ago (2015-04-13 18:21:24 UTC) #2
MarkM
Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on ...
8 years, 11 months ago (2015-04-13 18:21:32 UTC) #3
kpreid_google
LGTM https://codereview.appspot.com/222570043/diff/40001/src/com/google/caja/ses/whitelist.js File src/com/google/caja/ses/whitelist.js (right): https://codereview.appspot.com/222570043/diff/40001/src/com/google/caja/ses/whitelist.js#newcode135 src/com/google/caja/ses/whitelist.js:135: prototype: { Maybe a brief comment here about ...
8 years, 11 months ago (2015-04-13 18:35:10 UTC) #4
MarkM
Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on ...
8 years, 11 months ago (2015-04-13 19:26:31 UTC) #5
MarkM
https://codereview.appspot.com/222570043/diff/40001/src/com/google/caja/ses/whitelist.js File src/com/google/caja/ses/whitelist.js (right): https://codereview.appspot.com/222570043/diff/40001/src/com/google/caja/ses/whitelist.js#newcode135 src/com/google/caja/ses/whitelist.js:135: prototype: { On 2015/04/13 18:35:10, kpreid_google wrote: > Maybe ...
8 years, 11 months ago (2015-04-13 19:27:09 UTC) #6
kpreid_google
still LGTM https://codereview.appspot.com/222570043/diff/60001/src/com/google/caja/ses/whitelist.js File src/com/google/caja/ses/whitelist.js (right): https://codereview.appspot.com/222570043/diff/60001/src/com/google/caja/ses/whitelist.js#newcode136 src/com/google/caja/ses/whitelist.js:136: // the %Generator% intrinsic, which all generator ...
8 years, 11 months ago (2015-04-14 17:42:27 UTC) #7
MarkM
Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on ...
8 years, 11 months ago (2015-04-15 06:32:21 UTC) #8
MarkM
Many changes since last time. Now with tests, so a submission candidate. PTAL. https://codereview.appspot.com/222570043/diff/60001/src/com/google/caja/ses/whitelist.js File ...
8 years, 11 months ago (2015-04-15 06:37:27 UTC) #9
kpreid_google
https://codereview.appspot.com/222570043/diff/80001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/222570043/diff/80001/src/com/google/caja/ses/repairES5.js#newcode3693 src/com/google/caja/ses/repairES5.js:3693: ses.optForeignForIn = inTestFrame(function(window) { Without having any specific ideas ...
8 years, 11 months ago (2015-04-20 17:39:11 UTC) #10
MarkM
Fixes https://code.google.com/p/google-caja/issues/detail?id=1962 by working around https://bugzilla.mozilla.org/show_bug.cgi?id=1152550, which is currently causing cross-frame for/in to fail on ...
8 years, 11 months ago (2015-04-21 10:59:29 UTC) #11
MarkM
All your's. https://codereview.appspot.com/222570043/diff/80001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/222570043/diff/80001/src/com/google/caja/ses/repairES5.js#newcode3693 src/com/google/caja/ses/repairES5.js:3693: ses.optForeignForIn = inTestFrame(function(window) { On 2015/04/20 17:39:10, ...
8 years, 11 months ago (2015-04-21 11:00:43 UTC) #12
kpreid_google
LGTM As discussed privately, I will be submitting this on MarkM's behalf because he's away ...
8 years, 11 months ago (2015-04-21 17:15:56 UTC) #13
kpreid_google
8 years, 11 months ago (2015-04-21 17:22:34 UTC) #14
On 2015/04/21 17:15:56, kpreid_google wrote:
> LGTM
> 
> As discussed privately, I will be submitting this on MarkM's behalf because
he's
> away and we want this fixed soon.

Committed and pushed to master @ 0f80d73437eb4a2b21cc0c905ee1d170126635ae.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b