Document the contract of each component that performs a security-critical task

amohanta / google-caja

Automatically exported from code.google.com/p/google-caja

0 stars 0 forks source link

Document the contract of each component that performs a security-critical task #608

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

For example, for the HTML sanitizer, specify what "sanitized HTML" consists
of.  And so on, for each component that makes some sort of security promise:
clearly specify the security promise so that a reviewer or maintainer can,
given example input/output, tell whether the component has succeeded at
upholding its promise.

Original issue reported on code.google.com by zestyping on 14 Jun 2008 at 12:05

GoogleCodeExporter commented 9 years ago

(Split this out into individual issues as necessary for each component.)

Original comment by zestyping on 14 Jun 2008 at 12:05

GoogleCodeExporter commented 9 years ago

Original comment by davidsar...@googlemail.com on 15 Jun 2008 at 3:15

GoogleCodeExporter commented 9 years ago

Original comment by erights on 8 Sep 2008 at 1:12

Added labels: Type-DocDefect

GoogleCodeExporter commented 9 years ago

Prioritizing as "low" refactoring the server-side cajoler to improve 
maintainability - future improvements are based around the client side rewriter.

Original comment by jas...@gmail.com on 6 Mar 2013 at 7:36

Added labels: Priority-Low
Removed labels: Priority-Medium

GoogleCodeExporter commented 9 years ago

Original comment by erights on 11 Jul 2013 at 6:57

Added labels: SES

GoogleCodeExporter commented 9 years ago

Original comment by kpreid@google.com on 7 Nov 2013 at 8:30

Added labels: Component-SES
Removed labels: SES