Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Various bug fixes exposed by Mop and CSP #1006

Merged
merged 1 commit into from Oct 11, 2012

Conversation

Projects
None yet
2 participants
Member

kriskowal commented Sep 12, 2012

After optimizing an application and running it as a Chrome extension
with a no-eval Content Security Policy, these fixes were necessary.

  • Bug in bootstrapping, when eval is forbidden, while attempting to
    infer the global variable in the most general fashion.
  • Bug in bootstrapping, where script injected templates are not
    recognized as templates.
  • Bug (fixed upstream) where the module loader fails to recognize that
    a package is using script-injection form.
  • Bug in deserializer where names are not properly unpacked from the
    "package" or "object" reference.
  • Enhancement, module display names can be based on package name
    instead of location.
Kris Kowal Various bug fixes exposed by Mop and CSP
After optimizing an application and running it as a Chrome extension
with a no-eval Content Security Policy, these fixes were necessary.

-   Bug in bootstrapping, when eval is forbidden, while attempting to
    infer the global variable in the most general fashion.
-   Bug in bootstrapping, where script injected templates are not
    recognized as templates.
-   Bug (fixed upstream) where the module loader fails to recognize that
    a package is using script-injection form.
-   Bug in deserializer where names are not properly unpacked from the
    "package" or "object" reference.
-   Enhancement, module display names can be based on package name
    instead of location.
41a685b
Member

kriskowal commented Oct 4, 2012

Hey, @francoisfrisch or @mczepiel, if anyone would care to review this, I would love to land it. For the children. I can push the commit, but would love your 👍.

@zacharyc zacharyc commented on the diff Oct 11, 2012

montage.js
@@ -67,7 +72,7 @@ if (typeof window !== "undefined") {
})(function (require, exports, module) {
// The global context object
- var global = new Function("return this")();
+ var global = this;
@zacharyc

zacharyc Oct 11, 2012

Collaborator

Why was this done with the Function call before? Just curious about what this actually means.

@kriskowal

kriskowal Oct 11, 2012

Member

In fully-implemented strict mode, this is undefined by default instead of the global object. The function constructor is the recommended way of bypassing strict mode from within strict mode.

@kriskowal kriskowal merged commit 41a685b into montagejs:master Oct 11, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment