Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)


re...@codereview-hr.appspotmail.com

May 27, 2016, 6:00:23 PM5/27/16
to eri...@gmail.com, kpr...@google.com, google-ca...@googlegroups.com, re...@codereview-hr.appspotmail.com
Reviewers: MarkM,

Description:
Any non-identifier or possible non-identifier will now be correctly
rejected. Additionally, if the name merely contains a space (as in
(function f() {}).bind().name === "bound f"), replace it with an
underscore to make it valid.

Please review this at https://codereview.appspot.com/301810043/

Affected files (+24, -1 lines):
M src/com/google/caja/ses/repairES5.js
M tests/com/google/caja/ses/test-ses-parts.js


Index: src/com/google/caja/ses/repairES5.js
diff --git a/src/com/google/caja/ses/repairES5.js
b/src/com/google/caja/ses/repairES5.js
index
1b5db91b18366b4bc5f74209104952788ba5dd0b..6fabc25672d19ec7a5e76795375d21dd3d5ad9e4
100644
--- a/src/com/google/caja/ses/repairES5.js
+++ b/src/com/google/caja/ses/repairES5.js
@@ -1130,7 +1130,11 @@ var ses;
* arity.
*/
function makeStandinMaker(standinName, arity) {
- if (!/[a-zA-Z][a-zA-Z0-9]*/.test(standinName)) {
+ // Allow approximations of function names like "bound f".
+ standinName = standinName.replace(/ /g, '_');
+
+ // Reject names that could be syntax errors.
+ if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(standinName)) {
standinName = 'standin';
}
var cacheLine = standinMakerCache.get(standinName);
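Review bot: `standinName.replace(/ /g, '_')` assumes standinName is already a primitive string, and nothing in this hunk coerces it before the identifier check. Since ES2015 a function's `name` property is configurable and can hold a non-string value. If funcLike forwards it unfiltered (not visible here), the call either throws or the regex tests a coerced string while later code uses the original value. Coercing once up front keeps the validated value and the used value identical: `standinName = String(standinName).replace(/ /g, '_');`. makeStandinMaker's body continues outside the hunk, so how the name is consumed afterwards should be confirmed there.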
@@ -1138,6 +1142,7 @@ var ses;
standinName = 'standin';
cacheLine = standinMakerCache.get(standinName);
}
+
if (!cacheLine) {
cacheLine = [];
standinMakerCache.set(standinName, cacheLine);
Index: tests/com/google/caja/ses/test-ses-parts.js
diff --git a/tests/com/google/caja/ses/test-ses-parts.js
b/tests/com/google/caja/ses/test-ses-parts.js
index
0adf3e0c407df15a96a785597072574af0e67db5..40017a43d20e54444caa5baf922fe2df8b996d04
100644
--- a/tests/com/google/caja/ses/test-ses-parts.js
+++ b/tests/com/google/caja/ses/test-ses-parts.js
@@ -198,3 +198,21 @@
jsunitRegister('testAtLeastFreeVarNamesOnNewUnicodeEscapes', function() {
});
jsunitPass();
});
+
+jsunitRegister('testFuncLikeBind', function() {
+ // <function>.name is not necessarily an identifier; funcLike must not
fail
+ // in that case.
+ // Example: In EcmaScript 2015, function f() {}.bind().name === 'bound f'
+
+ function f(a, b, c) { return "f ret"; }
+ function g(a, b) { return "g ret"; }
+
+ // This we expect not to throw.
+ var boundLike = ses.funcLike(g, f.bind());
+
+ // Just checking that the func is as expected.
+ assertEquals(3, boundLike.length);
+ assertEquals('g ret', boundLike());
+
+ jsunitPass();
+});
\ No newline at end of file
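Review bot: testFuncLikeBind only exercises the space-to-underscore path, and it asserts only length and return value, so the newly anchored rejection branch in makeStandinMaker is never hit. On an engine where `f.bind().name` is empty the test would pass without touching the new replace at all. A second case with a name that stays a non-identifier after the replacement would pin the fallback, for example `var odd = {'a-b': function(x) {}}['a-b'];` followed by `assertEquals(1, ses.funcLike(g, odd).length);`. That relies on ES2015 name inference for object-literal properties, so it should be guarded or documented for older engines.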


eri...@gmail.com

May 27, 2016, 7:01:50 PM5/27/16
to kpr...@google.com, google-ca...@googlegroups.com, re...@codereview-hr.appspotmail.com