Status
People
(Reporter: freddyb, Unassigned)
Tracking
Details
(URL)
If I'm not mistaken, it is possible to override the import function by defining a macro of the same name. I guess this is undesirable and should be prevented. One could fix this by blacklisting the macro name "import" in this part of the source code: https://github.com/l20n/l20n.js/blob/be0c4f6a54af4bad23d292e68dc8afc7738cacd8/lib/l20n/parser.js#L367
|
||
Comment 1•5 years ago
|
||
Umm, I don't think that there's a threat here. import is a statement that allows importing other resources into the resource. It cannot be referenced from any part of the code, so a macro called import does not break it. Stas, does it sound right?
Flags: needinfo?(stas)
|
||
Comment 2•5 years ago
|
||
I think so. Import statements can only be used on the top level, i.e. where you'd normally define other entires (entities and macros). https://github.com/l20n/l20n.js/blob/59039cd21a4f51d86d36b7143be5f8986f32bc4e/lib/l20n/parser.js#L460 Trying to call a macro on the top level is a syntax error; you can only call macros in other entities or other macros. OTOH, you can't use the import statement elsewhere than on the top level, so technically, I think you can name a macro 'import' and use it with no problem. Freddy, do you agree looking at the code?
Flags: needinfo?(stas)
|
(Reporter) | |
Comment 3•5 years ago
|
||
I'm not sure I fully understand the code ;) Your call.
Blocks: 925579
|
|
(Reporter) | |
Updated•5 years ago
|
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
|
|
(Reporter) | |
Updated•5 years ago
|
Resolution: FIXED → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•