0
Files
src/third_party
Daniel Vogelheim 17c5384ab1 [Trusted Types] Add Console warning for (some) TT-related failures
The Function constructor is defined in terms of string operations, and will
thus string-ify its arguments before constructing the actual function.
TrustedScript instances passed into the Function constructor will thus work
as specified, but not as expected, and their contents will still undergo the
TT check. Fixing this requires ECMAScript changes in TC39, which are being
considered, but not(yet?) approved. This adds a message to alert developers
to this pitfall. See issue for details.

Bug: 1087743
Change-Id: If414e6476bd778203e7f69f7d6a78019f26c5034
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2246149
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Yifan Luo <lyf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#780370}
2020-06-19 18:02:21 +00:00
..
2020-06-18 21:50:25 +00:00
2020-06-02 13:44:02 +00:00
2020-06-09 21:19:52 +00:00
2020-06-18 19:25:43 +00:00

Name: Descriptive name of the package
Short Name: Name the package is distributed under (ex. libxml, openssl, etc)
URL: The URL where the package lives
Version: A searchable version number for the package (if the package does not version or is versioned by date or revision this field should be "0" and the revision, or date should be enumerated in the appropriate field)
Date: (OPTIONAL if version is supplied) The date that the package was updated
Revision: (OPTIONAL if version is supplied) The current revision of the package
License: The license under which the package is distributed. Standard forms are only accepted, eg MIT/X11/BSD/Apache 2.0/GPL/LGPL. See ANDROID_WHITELISTED_LICENSES in PRESUBMIT.py for allowed patterns.
License File: (OPTIONAL) File that contains a copy of the package's license. Use the special value NOT_SHIPPED to indicate that the package is not included in the shipped product, so its license does not need to be included in about:credits and no license file is required.
Security Critical: Either yes or no depending on whether this package is shipped in releases. For example openssl is critical where cygwin is not.
License Android Compatible: (OPTIONAL) Whether the package uses a license compatible with Android. Required only if the package is compatible and the 'License' field uses a non-standard value.
CPEPrefix: (OPTIONAL) A 'common platform enumeration' version 2.2, as per https://nvd.nist.gov/products/cpe/search, which represents the upstream package. This will be used to report known vulnerabilities in the upstream software package, such that we can be sure to merge fixes for those vulnerabilities. Please ensure you're using the closest applicable upstream version, according to the standard format for the CPE for that package. For example, cpe:/a:xmlsoft:libxslt:1.0.10. If no CPE is available for the package, please specify "unknown". If you're using a patched or modified version which is halfway between two public versions, please "round downwards" to the lower of the public versions (it's better for us to be notified of false-positive vulnerabilities than false-negatives).

Description:
A short description of what the package is and is used for.

Local Modifications:
Enumerate any changes that have been made locally to the package from the shipping version listed above.