On Fri, Mar 22, 2013 at 6:03 PM, Aymeric Vitte <vitteayme...@gmail.com>wrote:
> As far as I remember when I looked at it, there was a getfreevar > function or something like this parsing the code (or I misunderstood, see > [1] but don't read the proposal, it's wrong, even if I don't totally give > up with the concept). > Are you referring to the function atLeastFreeVarNames at < https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/atLeastFreeVarNames.js>? It does scan the source using regular expressions to look for all possible identifiers. But it doesn't do a full parse or even lex. As a result, it picks up identifiers in comments and literal strings as well. Security only requires that the code being scanned cannot contain have a free (and therefore global) variable reference without it being included in atLeastFreeVarNames's result. > > But anyway, since it will change, does it exist an official document about > SES concepts (strawman or other) ? > Nothing official yet. But see https://code.google.com/p/google-caja/wiki/SES http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en//pubs/archive/37199.pdf > > Regards, > > [1] https://gist.github.com/Ayms/2995641#another-approach-can-be-cajavm- > > Le 21/03/2013 22:17, Kevin Reid a écrit : > > Correction: > > On Thu, Mar 21, 2013 at 2:16 PM, Kevin Reid <kpr...@google.com> wrote: > >> Yes. SES requires 'with' as a means to hook into 'global' variable reads >> and writes; without it, it is impossible > > > without performing a parse and scope analysis of the code to be evaluated > > >> to emulate the semantics of browser global environments, such as in: > > > > > > _______________________________________________ > es-discuss mailing > listes-discuss@mozilla.orghttps://mail.mozilla.org/listinfo/es-discuss > > > -- > jCore > Email : avi...@jcore.fr > iAnonym : http://www.ianonym.com > node-Tor : https://www.github.com/Ayms/node-Tor > GitHub : https://www.github.com/Ayms > Web : www.jcore.fr > Webble : www.webble.it > Extract Widget Mobile : www.extractwidget.com > BlimpMe! : www.blimpme.com > > -- Cheers, --MarkM
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss
