gh-90309: Base64-encode cookie values embedded in JS#148848
gh-90309: Base64-encode cookie values embedded in JS#148848sethmlarson wants to merge 1 commit intopython:mainfrom
Conversation
sethmlarson
requested review from
StanFromIreland,
encukou and
serhiy-storchaka
sethmlarson
force-pushed
the
morsel-js-output
branch
from
77d2b82 to
b8dd6e4
Compare
| return '<%s: %s>' % (self.__class__.__name__, self.OutputString()) | ||
|
|
||
| def js_output(self, attrs=None): | ||
| import base64 |
There was a problem hiding this comment.
We can use lazy on the main branch.
There was a problem hiding this comment.
@StanFromIreland Is there a substantial performance difference for using lazy if the module is used immediately after it's imported? I am new to the lazy keyword! :)
There was a problem hiding this comment.
I think that @StanFromIreland meant that we can use lazy import at module level.
But this will make backporting more difficult.
serhiy-storchaka
left a comment
serhiy-storchaka
left a comment
There was a problem hiding this comment.
LGTM, but I am not expert in JavaScript.
How old is the atob() function? Can we be sure that it is supported absolutely everywhere, not only in Firefox/Chromium clones?
| return '<%s: %s>' % (self.__class__.__name__, self.OutputString()) | ||
|
|
||
| def js_output(self, attrs=None): | ||
| import base64 |
There was a problem hiding this comment.
I think that @StanFromIreland meant that we can use lazy import at module level.
But this will make backporting more difficult.
3 participants
Avoids problems arising from embedding arbitrary characters in JavaScript in
.js_output()method. I'll be submitting a follow-up issue and PR to deprecate the function as suggested in #90309 cc @komi22