Hi Kevin, I'm done. So either this is all your's now, or you can walk me
through submitting this to github.
https://codereview.appspot.com/226970043/diff/60001/src/com/google/caja/ses/debug.js
File src/com/google/caja/ses/debug.js (right):
https://codereview.appspot.com/226970043/diff/60001/src/com/google/caja/ses/debug.js#newcode86
src/com/google/caja/ses/debug.js:86: [EvalError, RangeError,
ReferenceError, SyntaxError, TypeError, URIError
On 2015/04/20 17:48:50, kpreid_google wrote:
> What happens if this list is out of sync with the whitelist?
Because of our new __proto__ test, it should fail safe, which is why
https://code.google.com/p/google-caja/issues/detail?id=1963 could be
filed as a public bug. As an experiment just now, removing URIError from
the list above caused SES to fail safe on Chrome 44 Canary with:
Max Severity: Not isolated(5) is not SES-safe.
[-] 1 unexpected intrinsic. Not isolated(5) is not SES-safe.
URIError.__proto__
But going the other way -- leaving URIError in the above list but
deleting it from whitelist.js -- did not provoke a diagnostic. Instead,
URIError is rewired by not whitelisted, which is still safe.
> If it's silent and bad, add a warning to the whitelist.
> Or, perhaps we could derive this list from the whitelist, ensuring
it's in sync?
I just added comments to debug.js and whitelist.js documenting that
these lists need to be kept in sync.
Done.
https://codereview.appspot.com/226970043/