Re-enable ses.UnsafeError. (issue 248500043 by kpreid@google.com)
2 views
Skip to first unread message
re...@codereview-hr.appspotmail.com
Jun 30, 2015, 1:05:38 PM6/30/15
to eri...@gmail.com, kpr...@google.com, google-ca...@googlegroups.com, re...@codereview-hr.appspotmail.com
Reviewers: MarkM,
Description:
Applications want to access Error.stackTraceLimit. This is a temporary
measure until a proper safe API exists.
Context:
https://github.com/google/caja/issues/1516
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
Please review this at https://codereview.appspot.com/248500043/
Affected files (+14, -0 lines):
M src/com/google/caja/ses/debug.js
Index: src/com/google/caja/ses/debug.js
diff --git a/src/com/google/caja/ses/debug.js
b/src/com/google/caja/ses/debug.js
index
8d8bea614fdb93b73acffaec43b2435d4061463a..f55920417406424c04a6a4bf2c41bb6615f0b572
100644
--- a/src/com/google/caja/ses/debug.js
+++ b/src/com/google/caja/ses/debug.js
@@ -67,6 +67,20 @@ var ses;
FakeError.prototype = UnsafeError.prototype;
FakeError.prototype.constructor = FakeError;
+ // This object should not actually be exposed. It is exposed
specifically
+ // because some applications want to do things like setting
+ // Error.stackTraceLimit. In the future, this will be replaced with a
better-
+ // designed API.
+ //
+ // Applications should make sure that they do not reveal this object to
+ // any unprivileged code, and be prepared to cope with its absence in
future
+ // versions.
+ //
+ // Some history:
+ // https://github.com/google/caja/issues/1516
+ //
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
+ ses.UnsafeError = Error;
+
Error = FakeError;
// Even though this section of code must preserve a security
Description:
Applications want to access Error.stackTraceLimit. This is a temporary
measure until a proper safe API exists.
Context:
https://github.com/google/caja/issues/1516
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
Please review this at https://codereview.appspot.com/248500043/
Affected files (+14, -0 lines):
M src/com/google/caja/ses/debug.js
Index: src/com/google/caja/ses/debug.js
diff --git a/src/com/google/caja/ses/debug.js
b/src/com/google/caja/ses/debug.js
index
8d8bea614fdb93b73acffaec43b2435d4061463a..f55920417406424c04a6a4bf2c41bb6615f0b572
100644
--- a/src/com/google/caja/ses/debug.js
+++ b/src/com/google/caja/ses/debug.js
@@ -67,6 +67,20 @@ var ses;
FakeError.prototype = UnsafeError.prototype;
FakeError.prototype.constructor = FakeError;
+ // This object should not actually be exposed. It is exposed
specifically
+ // because some applications want to do things like setting
+ // Error.stackTraceLimit. In the future, this will be replaced with a
better-
+ // designed API.
+ //
+ // Applications should make sure that they do not reveal this object to
+ // any unprivileged code, and be prepared to cope with its absence in
future
+ // versions.
+ //
+ // Some history:
+ // https://github.com/google/caja/issues/1516
+ //
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
+ ses.UnsafeError = Error;
+
Error = FakeError;
// Even though this section of code must preserve a security
eri...@gmail.com
Jun 30, 2015, 4:28:24 PM6/30/15
to kpr...@google.com, google-ca...@googlegroups.com, re...@codereview-hr.appspotmail.com
Reply all
Reply to author
Forward
0 new messages