If I'm not mistaken, it is possible to override the import function by defining a macro of the same name. I guess this is undesirable and should be prevented. One could fix this by blacklisting the macro name "import" in this part of the source code: https://github.com/l20n/l20n.js/blob/be0c4f6a54af4bad23d292e68dc8afc7738cacd8/lib/l20n/parser.js#L367
Umm, I don't think that there's a threat here. import is a statement that allows importing other resources into the resource. It cannot be referenced from any part of the code, so a macro called import does not break it. Stas, does it sound right?
I think so. Import statements can only be used on the top level, i.e. where you'd normally define other entires (entities and macros). https://github.com/l20n/l20n.js/blob/59039cd21a4f51d86d36b7143be5f8986f32bc4e/lib/l20n/parser.js#L460 Trying to call a macro on the top level is a syntax error; you can only call macros in other entities or other macros. OTOH, you can't use the import statement elsewhere than on the top level, so technically, I think you can name a macro 'import' and use it with no problem. Freddy, do you agree looking at the code?
I'm not sure I fully understand the code ;) Your call.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.