- From: Aymeric Vitte <vitteaymeric@gmail.com>
- Date: Wed, 17 Jul 2013 11:41:07 +0200
- To: Arun Ranganathan <arun@mozilla.com>
- CC: "public-webcrypto@w3.org Group (public-webcrypto@w3.org)" <public-webcrypto@w3.org>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Did you see the remark too for https (get src)? Maybe you can dare
putting something like an eval too after thre code retrieval mentioning
that's it's not necessarly unsafe or evil, so we know what happens with
the code.
I would find more logical to use the json object instead of the
stringified one, since the stringification is used to pass the object
via xhr or other, not to handle it in js code.
Regards
Aymeric
Le 16/07/2013 16:38, Arun Ranganathan a écrit :
> On Jul 15, 2013, at 6:57 PM, Aymeric Vitte wrote:
>
>> Hi Arun,
>>
>> Some small comments after a quick review (sorry limited time right now) :
>>
>> - is it on purpose that you are using "==" instead of "==="?
>>
>
> Not quite on purpose, so I've fixed this! "==" is simply a bad habit.
>
>
>> - Code sancity and ... :
>> .then(function(digest) {if (ok) {} else {get src}}, function(error) {get src})
>> No?
>
> Yes! Fixed.
>
>
>> and get src should be https since you mention the origin is tls
>>
>> - Webmail :
>> window.crypto.subtle.importKey("jwk", jwkKey,..) --> window.crypto.subtle.importKey("jwk", jwkKeyObject,...)
>>
>
> So this is still an active discussion on the listserv, IMHO, and has not stabilized, which is why I left both options open. Do we use the JSON.parse variant, or the stringified JSON notation variant? I'm not sure yet.
>
> -- A*
>
--
jCore
Email : avitte@jcore.fr
iAnonym : http://www.ianonym.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Web : www.jcore.fr
Extract Widget Mobile : www.extractwidget.com
BlimpMe! : www.blimpme.com
Received on Wednesday, 17 July 2013 09:41:41 UTC