Loading ...
Sorry, an error occurred while loading the content.

Dangerous Comments

Expand Messages
  • Chris
    Hello, Line 1481 of fulljslint.js warns us of potentially dangerous comments. It does this using a regular expression in the variable ax , defined on line
    Message 1 of 5 , Nov 17, 2010
    • 0 Attachment
      Hello,

      Line 1481 of fulljslint.js warns us of potentially dangerous comments. It does this using a regular expression in the variable "ax", defined on line 930:

      ax = /@cc|<\/?|script|\]*s\]|<\s*!|</i

      https://github.com/douglascrockford/JSLint/blob/d4a0702b45ba8e7c54e528914ca174b2ec7a46e7/fulljslint.js#L930

      This regex contains several patterns separated by the "or" glyph. One of these is:

      \]*s\]

      This appears to match zero or many closing square brackets, followed by the letter s, followed by an opening square bracket:

      ]]]]s]

      or just:

      s]

      I have a comment that matches this, but I don't understand why it would be dangerous. Could anybody shed some light on what this is for?

      Thanks!
      - Chris
    • abyssoft@ymail.com
      Interesting, but I am not able to replicate the error. I ve tried various formatting of a comment. can you provide a snippet I d love to see this.
      Message 2 of 5 , Nov 18, 2010
      • 0 Attachment
        Interesting, but I am not able to replicate the error.
        I've tried various formatting of a comment. can you provide a snippet I'd love to see this.


        --- In jslint_com@yahoogroups.com, "Chris" <Nielsen.Chris@...> wrote:
        >
        > Hello,
        >
        > Line 1481 of fulljslint.js warns us of potentially dangerous comments. It does this using a regular expression in the variable "ax", defined on line 930:
        >
        > ax = /@cc|<\/?|script|\]*s\]|<\s*!|</i
        >
        > https://github.com/douglascrockford/JSLint/blob/d4a0702b45ba8e7c54e528914ca174b2ec7a46e7/fulljslint.js#L930
        >
        > This regex contains several patterns separated by the "or" glyph. One of these is:
        >
        > \]*s\]
        >
        > This appears to match zero or many closing square brackets, followed by the letter s, followed by an opening square bracket:
        >
        > ]]]]s]
        >
        > or just:
        >
        > s]
        >
        > I have a comment that matches this, but I don't understand why it would be dangerous. Could anybody shed some light on what this is for?
        >
        > Thanks!
        > - Chris
        >
      • Chris
        ... Hello, Here is a snippet that will produce the Dangerous Comment message with all JSLint options in their default state (off): //
        Message 3 of 5 , Nov 18, 2010
        • 0 Attachment
          --- In jslint_com@yahoogroups.com, "abyssoft@..." <abyssoft@...> wrote:
          >
          > Interesting, but I am not able to replicate the error.
          > I've tried various formatting of a comment. can you provide a snippet I'd love to see this.
          >

          Hello,

          Here is a snippet that will produce the "Dangerous Comment" message with all JSLint options in their default state (off):

          <html>
          <head>
          <script>
          // This is a dangerous] comment.
          </script>
          </head>
          </html>




          The effect can also be triggered without HTML, if "Safe Subset" is active. So, this snippet will also do it:


          /*jslint safe: true */
          "use strict";
          // This is a dangerous] comment.



          Thanks!

          - Chris
        • Douglas Crockford
          ... Please try it now.
          Message 4 of 5 , Nov 18, 2010
          • 0 Attachment
            --- In jslint_com@yahoogroups.com, "Chris" <Nielsen.Chris@...> wrote:

            > Line 1481 of fulljslint.js warns us of potentially dangerous comments. It does this using a regular expression in the variable "ax", defined on line 930:
            >
            > ax = /@cc|<\/?|script|\]*s\]|<\s*!|</i
            >
            > I have a comment that matches this, but I don't understand why it would be dangerous.

            Please try it now.
          • Chris
            ... This works fine, thank you!
            Message 5 of 5 , Nov 18, 2010
            • 0 Attachment
              --- In jslint_com@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
              >
              > --- In jslint_com@yahoogroups.com, "Chris" <Nielsen.Chris@> wrote:
              >
              > > I have a comment that matches this, but I don't understand why it would be dangerous.
              >
              > Please try it now.
              >

              This works fine, thank you!
            Your message has been successfully submitted and would be delivered to recipients shortly.