-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow AMP to be compiled with full property obfuscation #9876
Comments
The new type limits the APIs to be used with `JsonObject` to enforce that objects being passed to them used quoted property names not subject to obfuscation. Part of ampproject#9876
The new type limits the APIs to be used with `JsonObject` to enforce that objects being passed to them used quoted property names not subject to obfuscation. Part of ampproject#9876
The new type limits the APIs to be used with `JsonObject` to enforce that objects being passed to them used quoted property names not subject to obfuscation. Part of #9876
Replaces `JSON.parse` with `jsonParse` which returns a `JsonObject` and hence enforces `@dict` treatment. Part of ampproject#9876
Replaces `JSON.parse` with `jsonParse` which returns a `JsonObject` and hence enforces `@dict` treatment. Part of ampproject#9876
What about |
Replaces `JSON.parse` with `jsonParse` which returns a `JsonObject` and hence enforces `@dict` treatment. Part of #9876
@alanorozco Should be covered by externs. |
@cramforce AFAICT externs would cover that from |
@alanorozco We'll need to try, but basically because the compiler is very conservative it will assume that this might be an externed object. |
…to ensure the data is considered an external `JsonObject`. Forces the use of a `getData` function instead of accessing the `.data` property directly. The function returns the proper type. Part of ampproject#9876
…to ensure the data is considered an external `JsonObject`. Forces the use of a `getData` function instead of accessing the `.data` property directly. The function returns the proper type. Part of ampproject#9876
…to ensure the data is considered an external `JsonObject`. Forces the use of a `getData` function instead of accessing the `.data` property directly. The function returns the proper type. Part of ampproject#9876
…to ensure the data is considered an external `JsonObject`. Forces the use of a `getData` function instead of accessing the `.data` property directly. The function returns the proper type. Part of ampproject#9876
…to ensure the data is considered an external `JsonObject`. Forces the use of a `getData` function instead of accessing the `.data` property directly. The function returns the proper type. Part of #9876
And some follow up fixes caught by that. Part of ampproject#9876
Who knew that we hadn't finished this? :) Part of ampproject#9876
Who knew that we hadn't finished this? :) Part of #9876
Who knew that we hadn't finished this? :) Part of ampproject#9876
Who knew that we hadn't finished this? :) Part of ampproject#9876
Who knew that we hadn't finished this? :) Part of ampproject#9876
Who knew that we hadn't finished this? :) Part of #9876
Tightens type for `Element.prototype.dataset` to be an `@dict` object that requires property access. Part of ampproject#9876
We enforce via the linter (ampproject#10107) that arguments to `dict` are object literals. So, there is no need to copy. Part of ampproject#9876
Tightens type for `Element.prototype.dataset` to be an `@dict` object that requires property access. Part of ampproject#9876
This issue seems to be in Pending Triage for awhile. @cramforce Please triage this to an appropriate milestone. |
2 similar comments
This issue seems to be in Pending Triage for awhile. @cramforce Please triage this to an appropriate milestone. |
This issue seems to be in Pending Triage for awhile. @cramforce Please triage this to an appropriate milestone. |
@erwinmombay and me are preparing the AMP code base for more aggressive optimizations in the closure compiler.
Right now only private properties are obfuscated. Soon, among other things, all properties will be obfuscated unless we stop them.
That means stuff like
foo.mutateElement
might become a.a;saving lots of bytes :)
However, it also means that if you so something like
JSON.stringify({type: 'abc'})
then
type
might be obfuscated, but the party that parsrs the json (Say youtube) might have had no idea and break.For this reason you must now always quote properties like {'type': 'abc'} or foo['type'] when accessing properties that come from an external source. That is unless you created an "Extern" for the type (beyond the scope of this email).
I submitted a bunch of PRs
#9876, #9960
that use the type system to enforce y'all doing this right as much as possible.
It might, however, miss some stuff. E.g. json['foo'].bar is not an error, but would break. You have to write json['foo']['bar']
There might be more cases that the typing doesn't catch. If you find a case where you think a property should be quoted, but the compiler doesn't yell at you, please ping me.
The cases where we need to be careful are:
Tasks:
JSON.parse
JSON.stringify
sendMessage
and friends.parseQueryString
event.data
forMessage
events.dataset
andclasslist
The text was updated successfully, but these errors were encountered: