Jann
Oh, and by the way, out-of-the-box HTTPS won't fix this either. You don't want to trust CAs.
@koush Well, my point is that just too many people can act as a CA. For example, every German university has a CA certificate that all major browsers will accept....
On Thu, Aug 16, 2012 at 02:56:48AM -0700, David wrote:
> IMHO the update code should be disabled until someone has written a 'secure' version.

+1
After staring at this for a bit, I think it's incomplete. With the fix commit applied, the original testcase behaves correctly: ``` $ expat/xmlwf/xmlwf -n -p -x -m -d test_comment_inject/out...
Yeah, that's the change I was thinking of. (Whoops, I said 2 lines but meant 3...)
ah, yeah, that looks fine to me
Oh, wow. That is great! However, I haven't touched any nodejs stuff in months, so all my node-related work is currently pretty much abandoned. In case you want to take...
I did a `npm owner add warner nacl` - I think you should have access to the npm package now.
I guess I expect something with "lint" in the name to do some plausibility checking.
Hmm, actually, looks like some of the token data is messed up. :( ``` > ast.statements[1].stat.rvalue { parent: null, type: 'num', scope: null, children: [Getter], rawNode: [ { name: 'num',...