re...@codereview-hr.appspotmail.com
unread,Jun 30, 2015, 1:05:38 PM6/30/15Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to eri...@gmail.com, kpr...@google.com, google-ca...@googlegroups.com, re...@codereview-hr.appspotmail.com
Reviewers: MarkM,
Description:
Applications want to access Error.stackTraceLimit. This is a temporary
measure until a proper safe API exists.
Context:
https://github.com/google/caja/issues/1516
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
Please review this at
https://codereview.appspot.com/248500043/
Affected files (+14, -0 lines):
M src/com/google/caja/ses/debug.js
Index: src/com/google/caja/ses/debug.js
diff --git a/src/com/google/caja/ses/debug.js
b/src/com/google/caja/ses/debug.js
index
8d8bea614fdb93b73acffaec43b2435d4061463a..f55920417406424c04a6a4bf2c41bb6615f0b572
100644
--- a/src/com/google/caja/ses/debug.js
+++ b/src/com/google/caja/ses/debug.js
@@ -67,6 +67,20 @@ var ses;
FakeError.prototype = UnsafeError.prototype;
FakeError.prototype.constructor = FakeError;
+ // This object should not actually be exposed. It is exposed
specifically
+ // because some applications want to do things like setting
+ // Error.stackTraceLimit. In the future, this will be replaced with a
better-
+ // designed API.
+ //
+ // Applications should make sure that they do not reveal this object to
+ // any unprivileged code, and be prepared to cope with its absence in
future
+ // versions.
+ //
+ // Some history:
+ //
https://github.com/google/caja/issues/1516
+ //
https://groups.google.com/forum/#!topic/google-caja-discuss/46_j5Rb6cTc
+ ses.UnsafeError = Error;
+
Error = FakeError;
// Even though this section of code must preserve a security