Tasks TODO [20101101T234153]

By Owner

By File

By Owner

erights

cajita.js:33 (erights)
All code text in comments should be enclosed in {@code ...}.
cajita.js:72 (erights)
Move such extensions to a separate extensions.js.
cajita.js:80 (erights)
Really, to follow ES5, Date.prototype.toISOString
cajita.js:409 (erights)
We may deprecate this in favor of <pre>
cajita.js:562 (erights)
Analyze the security implications
cajita.js:595 (erights)
Detect whether this is a valid constructor
cajita.js:666 (erights)
walk prototype chain.
cajita.js:730 (erights)
Object(<primitive>) wrappers should also be
cajita.js:983 (erights)
Having a fastpath flag for this probably doesn't
cajita.js:1042 (erights)
We should probably
cajita.js:1071 (erights)
Given that we maintain the invariant that
cajita.js:1115 (erights)
Given that we maintain the invariant that
cajita.js:1368 (erights)
Should add a debugging flag to enable
cajita.js:1426 (erights)
Should
cajita.js:1972 (erights)
To avoid accidents, <tt>markXo4a</tt>,
cajita.js:2051 (erights)
non-user-hostile error message
cajita.js:2133 (erights)
Once ES5 settles, revisit this and
cajita.js:2207 (erights)
Once we have ES5ish attribute control, it
cajita.js:2212 (erights)
Revisit this case
cajita.js:2622 (erights)
Find out if this is still the plan.
cajita.js:2649 (erights)
consider
cajita.js:2879 (erights)
domita would currently generate this warning,
cajita.js:2888 (erights)
See above TODO note.
cajita.js:3831 (erights)
The only remaining use as of this writing is
cajita.js:4038 (erights)
Not clear that this is the performant
cajita.js:4121 (erights)
revisit once we do ES5ish attribute control.
Rewriter.java:238 (erights)
consider returning a defensive copy rather than
Permit.java:64 (erights)
Add case for dotted path expression.
Permit.java:87 (erights)
encode (or at least sanitize) key
PermitTemplate.java:44 (erights)
to be read in from a JSON config
DefaultValijaRewriter.java:92 (erights)
If we ever turn on taint checking for
DefaultValijaRewriter.java:817 (erights)
Need a general way to expand readModifyWrite lValues.
Rule.java:457 (erights)
These rules should be independent of whether we're writing
Scope.java:711 (erights)
Permit should generate a JSON AST directly,
CajitaRewriter.java:1347 (erights)
Need a general way to expand lValues
CajitaRewriter.java:1368 (erights)
Need a general way to expand lValues
CajitaRewriter.java:1395 (erights)
Need a general way to expand readModifyWrite lValues.
ES53Rewriter.java:1258 (erights)
Need a general way to expand lValues
ES53Rewriter.java:1279 (erights)
Need a general way to expand lValues
ES53Rewriter.java:1304 (erights)
Need a general way to expand readModifyWrite lValues.
CajaRuntimeDebuggingRewriter.java:52 (erights)
Nothing is gained by having this be a partial override of
domita.js:1711 (erights)
Come up with some notion of a keeper chain so we can
es53.js:210 (erights)
We should probably
es53.js:239 (erights)
Given that we maintain the invariant that
es53.js:283 (erights)
Given that we maintain the invariant that
es53.js:1221 (erights)
We may deprecate this in favor of <pre>
es53.js:1422 (erights)
Not clear that this is the performant
es53.js:1778 (erights)
The only remaining use as of this writing is
es53.js:1817 (erights)
Find out if this is still the plan.
valija-cajita.js:120 (erights)
Once EcmaScript and Valija allow patterns in parameter
valija-cajita.js:188 (erights)
If the resolution of bug #814 is for
valija-cajita.js:275 (erights)
figure out why things break when the
valija-cajita.js:348 (erights)
Investigate why things break if the following line
valija-cajita.js:355 (erights)
Why are we testing for the empty string here?
valija-cajita.js:452 (erights)
fix this once DONTENUM properties are better
CommonJsRewriterTestCase.java:124 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:150 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:176 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:205 (erights)
failure should no longer be an option on (S)ES5/3.
CajitaRewriterTest.java:400 (erights)
This test isn't green because we haven't yet fixed the bug.
CajitaRewriterTest.java:416 (erights)
Need more tests.
CajitaRewriterTest.java:2440 (erights)
Fix when bug 956 is fixed.
DefaultValijaRewriterTest.java:629 (erights)
Fix when bug 953 is fixed.
DefaultValijaRewriterTest.java:637 (erights)
Fix when bug 953 is fixed.
ES53RewriterTest.java:204 (erights)
Fix these tests to test for the output we now expect.
ES53RewriterTest.java:354 (erights)
Fix when bug 953 is fixed.
ES53RewriterTest.java:620 (erights)
Need more tests.

erights,ihab

SyntheticNodes.java:20 (erights,ihab)
Remove the concept of "synthetic" entirely.

felix8a

domita_test_untrusted.html:2091 (felix8a)
also need to test when onload isn't set

ihab.awad

InvalidArgumentsException.java:21 (ihab.awad)
Would a {@link com.google.caja.reporting.MessageType} be
InnocentHandler.java:76 (ihab.awad)
Fix the "unrecoverable" error responses throughout
cajita.js:35 (ihab.awad)
Missing tests in CajitaTest.java for the functionality
Scope.java:132 (ihab.awad)
importedVariables is only used by the root-most scope; it
Scope.java:301 (ihab.awad)
Uses private access to 's' which is of same class but distinct
Scope.java:319 (ihab.awad)
Uses private access to 's' which is of same class but distinct
Scope.java:535 (ihab.awad)
Refactor to use standard Caja Visitor. Currently not
Scope.java:598 (ihab.awad)
Change the ParseTreeNode type for the right hand sides
RuleDescription.java:58 (ihab.awad)
Add metadata for a rule indicating that it always fails,
CajitaRewriter.java:327 (ihab.awad)
originalSource
CajitaRewriter.java:328 (ihab.awad)
sourceLocationMap
CajitaRewriter.java:329 (ihab.awad)
imports
CajitaRewriter.java:330 (ihab.awad)
manifest
QuasiNode.java:88 (ihab.awad)
As a special case, an Identifier with a null value is
ES53Rewriter.java:336 (ihab.awad)
originalSource
ES53Rewriter.java:337 (ihab.awad)
sourceLocationMap
ES53Rewriter.java:338 (ihab.awad)
imports
ES53Rewriter.java:339 (ihab.awad)
manifest
CajoledModule.java:42 (ihab.awad)
This class relies on
CompileHtmlStage.java:82 (ihab.awad)
We do *not* want to support multiple HTML files
DebuggingSymbolsStage.java:166 (ihab.awad)
http://code.google.com/p/google-caja/issues/detail?id=994
DebuggingSymbolsStage.java:185 (ihab.awad)
http://code.google.com/p/google-caja/issues/detail?id=994
SafeHtmlMaker.java:341 (ihab.awad)
Will add UncajoledModule wrapper when we no longer
TemplateCompiler.java:237 (ihab.awad)
Investigate why this is the right criterion to use.
domita.js:35 (ihab.awad)
Our implementation of getAttribute (and friends)
domita.js:47 (ihab.awad)
Come up with a uniform convention (and helper functions,
domita.js:197 (ihab.awad)
Improve implementation (interleaving, memory leaks)
domita.js:267 (ihab.awad)
Do we need more attributes of the event than 'target'?
domita.js:321 (ihab.awad)
send()-ing an empty string because send() with no
domita.js:327 (ihab.awad)
Expect tamed XML document; unwrap and send
domita.js:361 (ihab.awad)
Implement a taming layer for XML. Requires generalizing
domita.js:592 (ihab.awad)
Does this work on IE, where console output
domita.js:2564 (ihab.awad)
Due to the following bug:
domita.js:3795 (ihab.awad)
Implement
domita.js:3999 (ihab.awad)
Build a more sophisticated virtual class hierarchy by
BuildServiceImplementation.java:137 (ihab.awad)
Need to pass in the URI rewriter from the build
bridal.js:284 (ihab.awad)
How do we emulate 'useCapture' here?
bridal.js:316 (ihab.awad)
How do we emulate 'useCapture' here?
searchengine.js:25 (ihab.awad)
In un-cajoled code, use ___ instead of _ to indicate
events.js:49 (ihab.awad)
Support sending more (variable) arguments with fire()
introducer.js:286 (ihab.awad)
makeProvider: makeProvider, */
CajitaRewriterTest.java:208 (ihab.awad)
Enhance test framework to allow "before" and "after"
CajitaRewriterTest.java:600 (ihab.awad)
The below should throw MessageType.MASKING_SYMBOL at
CajitaRewriterTest.java:1469 (ihab.awad)
Once permit templates can be loaded dynamically, create
CajitaRewriterTest.java:1498 (ihab.awad)
The below test is not as complete as it should be
CajitaRewriterTest.java:2100 (ihab.awad)
SECURITY: Re-enable by reading (say) x.foo, and
DefaultValijaRewriterTest.java:437 (ihab.awad)
SECURITY: Re-enable by reading (say) x.foo, and
RewriterTestCase.java:70 (ihab.awad)
Refactor tests to use checkAddsMessage(...) instead
RewriterTestCase.java:146 (ihab.awad)
Change dependents to use checkAddsMessage and
RewriterTestCase.java:149 (ihab.awad)
Change checkAddsMessage and similar functions to check
domita_test_untrusted.html:888 (ihab.awad)
Add negative tests when virtual hierarchy is improved:
ServiceTestCase.java:146 (ihab.awad)
Change tests to use structural equality (via quasi

jasvir

CajolingService.java:161 (jasvir)
Change CajaArguments to handle >1 occurrence of arg
HttpStatus.java:20 (jasvir)
Use a standard class or move to appropriate package
CajolingServlet.java:99 (jasvir)
The service like the gwt version should accumulate
CssPropertyPatterns.java:405 (jasvir)
Clarify the meaning of (a||b)* and modify this function
GWTCajolingServiceImpl.java:78 (jasvir)
URIs in some contexts (such as links to new pages) should
GWTCajolingServiceImpl.java:116 (jasvir)
Outline this and all the other examples of cajole
PlaygroundService.java:38 (jasvir)
Fetching ought to be done via a separate service
policy.js:28 (jasvir)
rewrite attributes
Playground.css:20 (jasvir)
Consider inlining into Playground.html to eliminate roundtrip
BenchmarkSize.java:40 (jasvir)
Find a nice collection of "typical" html files!
CssParserTest.java:169 (jasvir)
Should whitespace after the units in quantities be escaped
FuzzedParserTest.java:24 (jasvir)
These tests were generated by the fuzzer - distill them to

kpreid

cajita-module.js:41 (kpreid)
explain static (sync) loading module id semantics.
caja.js:114 (kpreid)
justify this set of refs as being sufficient to do
host-tools.js:42 (kpreid)
the above probably does the wrong thing in the case where
host-tools.js:53 (kpreid)
allow subbing module id resolver
host-tools.js:54 (kpreid)
Using XHR loader didn't work; why?
host-tools.js:82 (kpreid)
This needs to be redefined in terms of effect/loader;
host-tools.js:155 (kpreid)
do we want to reject multiple attach attempts?
container-interaction.html:19 (kpreid)
At least, that used to be true. The info on that page is tied
embedded-scripts.js:25 (kpreid)
have a sensible default instead of this app needing it
cajole.py:80 (kpreid)
Use URL Fetch async requests for parallelism/network
cajole.py:104 (kpreid)
complain to app engine about not being able to
cajole.py:125 (kpreid)
when not debugging, DO put in cache with a shorter timeout
host-tools-test.js:48 (kpreid)
do this with nice output without using jsUnitCore internals?
host-tools-test.js:198 (kpreid)
When the whole URI-policy-implementation thing is cleaned
HostToolsTest.java:26 (kpreid)
Figure out why RhinoTestBed.runJsUnittestFromHtml isn't
BrowserTestCase.java:58 (kpreid)
deploy the already-configured war instead of manually

metaweta

cajita.js:2047 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2050 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2054 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2061 (metaweta)
make this a cajita-uncatchable exception
Rule.java:537 (metaweta)
Figure out a way to leave key alone and
ES53Rewriter.java:759 (metaweta)
Use fastpath
ES53Rewriter.java:958 (metaweta)
Use fastpath.
ES53Rewriter.java:983 (metaweta)
Use fastpath.
ES53Rewriter.java:1645 (metaweta)
Do a lighter-weight wrapping when the function
ES53Rewriter.java:1690 (metaweta)
Only use closure if it's really recursive.
domita.js:1789 (metaweta)
Add code to list all the other handled stuff we know
domita.js:1975 (metaweta)
Add code to list all the other handled stuff we know
domita.js:3094 (metaweta)
Add code to list all the other handled stuff we know
es53.js:4402 (metaweta)
Deprecate this API, since it requires that we leave
HtmlCompiledPluginTest.java:60 (metaweta)
Move as many of these as possible to
domita_test_untrusted.html:1171 (metaweta)
This test should be replaced by ones for the proper

mikesamuel

cajita-debugmode.js:27 (mikesamuel)
how to collect logging.
cajita-debugmode.js:292 (mikesamuel)
should userException be defined as identity in
Escaping.java:446 (mikesamuel)
Once IE allows escapes inside URLs, then
UriUtil.java:189 (mikesamuel)
stop using java.net.URI and use a decent URL
HtmlLexer.java:404 (mikesamuel)
rewrite with a transition table or just use ANTLR
CssLexer.java:33 (mikesamuel)
CSS2.1 has changed lexical conventions to effectively
CssLexer.java:46 (mikesamuel)
all clients should pass in a proper queue
MessageType.java:26 (mikesamuel)
rename this to CommonMessageType and rename
HtmlHandler.java:92 (mikesamuel)
this is not a valid assumption.
Criterion.java:23 (mikesamuel)
replace "may be null" and "not null" shorthands with
Criterion.java:25 (mikesamuel)
replace with com.google.common.Predicate and the
HtmlSchema.java:140 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue
HtmlSchema.java:144 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue
HtmlSchema.java:148 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue
CssSchema.java:188 (mikesamuel)
Is there any value in enumerating elements?
AlphaRenamingRewriter.java:241 (mikesamuel)
skip if the self name is never used.
TrailingUnderscoresHole.java:73 (mikesamuel)
can this move from the superclass into a sibling class?
DefaultValijaRewriter.java:113 (mikesamuel)
check after Kona meeting
DefaultValijaRewriter.java:827 (mikesamuel)
better lower limit
DefaultValijaRewriter.java:866 (mikesamuel)
better lower bound
DefaultValijaRewriter.java:876 (mikesamuel)
Figure out when post increments are being
CajitaRewriter.java:288 (mikesamuel)
How does this work? Why not return node?
CajitaRewriter.java:551 (mikesamuel)
once decls consolidated, no need to add to
CajitaRewriter.java:777 (mikesamuel)
limit
CajitaRewriter.java:820 (mikesamuel)
limit further
CajitaRewriter.java:1018 (mikesamuel)
Limit further
CajitaRewriter.java:1405 (mikesamuel)
better lower limit
CajitaRewriter.java:1438 (mikesamuel)
better lower bound
CajitaRewriter.java:1448 (mikesamuel)
Figure out when post increments are being
ES53Rewriter.java:297 (mikesamuel)
How does this work? Why not return node?
ES53Rewriter.java:522 (mikesamuel)
once decls consolidated, no need to add to
ES53Rewriter.java:743 (mikesamuel)
limit
ES53Rewriter.java:796 (mikesamuel)
limit further
ES53Rewriter.java:1314 (mikesamuel)
better lower limit
ES53Rewriter.java:1348 (mikesamuel)
better lower bound
ES53Rewriter.java:1358 (mikesamuel)
Figure out when post increments are being
AbstractElementStack.java:151 (mikesamuel)
check against XML&HTML definitions of whitespace.
CssTree.java:1319 (mikesamuel)
maybe enforce the convention that there are matched
Statement.java:30 (mikesamuel)
breaksReaching should probably take a parameter of type
Statement.java:32 (mikesamuel)
rename breaks and continues to collectBreakTargets and
LabeledStmtWrapper.java:32 (mikesamuel)
Investigate whether use of continue to a non loop
LabeledStmtWrapper.java:34 (mikesamuel)
Do we want to remove labelling of non-loop statements
LabeledStmtWrapper.java:36 (mikesamuel)
Erase the distinction between LabeledStmtWrapper and
ParserBase.java:184 (mikesamuel)
is this true?
ParseTreeNodeContainer.java:58 (mikesamuel)
this should never be rendered since rendering a group
AbstractParseTreeNode.java:145 (mikesamuel)
maybe reliably throw an exception type, that includes
OpenTemplateStage.java:52 (mikesamuel)
this could probably be more simply done as a
ValidateCssStage.java:52 (mikesamuel)
build up a list of classes and ids for use in
ResolveUriStage.java:71 (mikesamuel)
this is problematic for DOM nodes parsed without
SafeHtmlMaker.java:506 (mikesamuel)
do we need to emit a static attribute when the
SafeHtmlMaker.java:572 (mikesamuel)
can we get rid of this noop by getting rid of the
Config.java:53 (mikesamuel)
make this subclassable so opensocial specific flags can be
Config.java:110 (mikesamuel)
remove once JS uri policy is okay
html-sanitizer.js:187 (mikesamuel)
validate sanitizer regexs against the HTML5 grammar at
html-sanitizer.js:404 (mikesamuel)
relying on sanitizeAttributes not to
domita.js:1029 (mikesamuel)
integrate cajita compiler to allow arbitrary
domita.js:1045 (mikesamuel)
determine mime type properly.
domita.js:1100 (mikesamuel)
make sure it really is a DOM node
domita.js:1570 (mikesamuel)
upward navigation breaks capability discipline.
domita.js:2045 (mikesamuel)
make nodeClasses work.
domita.js:2970 (mikesamuel)
make sure event doesn't propagate to dispatched
domita.js:2980 (mikesamuel)
make sure event doesn't propagate to dispatched
domita.js:3116 (mikesamuel)
create a proper class for BODY, HEAD, and HTML along
domita.js:3664 (mikesamuel)
remove these, and only expose them via window once
domita.js:3680 (mikesamuel)
figure out a mechanism by which the container can
domita.js:3749 (mikesamuel)
Implement in terms of
domita.js:3970 (mikesamuel)
define on prototype.
CssRewriter.java:545 (mikesamuel)
check argument if child now a FunctionCall
CssRewriter.java:741 (mikesamuel)
for content: and other URI types, use
BuildServiceImplementation.java:389 (mikesamuel)
limit to JSON
bridal.js:149 (mikesamuel)
should we whitelist nodes here, to e.g. prevent
bridal.js:240 (mikesamuel)
can bubbling and cancelable on events be simulated
bridal.js:248 (mikesamuel)
when we change event dispatching to happen
CssValidator.java:896 (mikesamuel)
this is currently 6 instead of 4 because it also limits
rrule-cajita.js:194 (mikesamuel)
don't need a list here
rrule-cajita.js:206 (mikesamuel)
the spec is not clear on this. Treat the week
rrule-cajita.js:242 (mikesamuel)
filter byWeekNo and write unit tests
rrule-cajita.js:256 (mikesamuel)
filter byWeekNo and write unit tests
rrule-cajita.js:306 (mikesamuel)
if count is large, we might try predicting the end
rrule-cajita.js:311 (mikesamuel)
warn
rrule-cajita.js:348 (mikesamuel)
if we allow iteration more frequently than daily
rrule-cajita.js:602 (mikesamuel)
apply byhour, byminute, bysecond rules here
event_store.js:108 (mikesamuel)
look at tzid
event_store.js:116 (mikesamuel)
translate to start tzid
event_store.js:125 (mikesamuel)
handle multiple RRULES, EXRULES, RDATES, EXDATES
html-interp.js:1102 (mikesamuel)
if there's an easy way to interleave bits when
hcalendar.js:328 (mikesamuel)
resolve the href attrib relative to globalProps.url?
hcalendar.js:333 (mikesamuel)
resolve the href attrib relative to globalProps.url?
hcalendar.js:341 (mikesamuel)
other url node/attrib pairs?
package.html:34 (mikesamuel)
write me
package.html:73 (mikesamuel)
write me
filters-cajita.js:81 (mikesamuel)
according to section 4.3.10
instanceGenerators-cajita.js:172 (mikesamuel)
this may be premature. If needed, We could
PlaygroundView.java:318 (mikesamuel)
extract this a better way once we're providing module
ConstLocalOptimization.java:322 (mikesamuel)
20 is a tuning parameter.
ParseTreeKB.java:189 (mikesamuel)
what do we do about the fact that (0 === -0)?
ParseTreeKB.java:204 (mikesamuel)
Is this useful? When, in a comparison,
JsOptimizer.java:116 (mikesamuel)
use the message queue passed to the ctor once Scope no
StatementSimplifier.java:588 (mikesamuel)
if c is simple and not a global reference, optimize
StatementSimplifier.java:738 (mikesamuel)
limit to local references not in with blocks.
StatementSimplifier.java:959 (mikesamuel)
eliminate dead branches in if statements.
StatementSimplifier.java:960 (mikesamuel)
simplify empty loops
StatementSimplifier.java:961 (mikesamuel)
fold string appends in + statements
ConstantPooler.java:101 (mikesamuel)
choose a guaranteed non-interfering name.
ExitModes.java:243 (mikesamuel)
refactor this
Linter.java:460 (mikesamuel)
check locals and formals used
Linter.java:553 (mikesamuel)
replace with jsdoc comment parser
StaticFiles.java:99 (mikesamuel)
SVN has it in svn:mime-type, but that is not
VariableLivenessTest.java:747 (mikesamuel)
should work if there is a break here.
LinterTest.java:484 (mikesamuel)
ConfigUtilTest.java:30 (mikesamuel)
better file positions for error messages.
bitset_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
filters_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
generators_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
rrule_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
time_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
time_util_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->
time_util_test.js:97 (mikesamuel)
check that these answers are right
CssSchemaTest.java:54 (mikesamuel)
test getSymbol
CssTreeTest.java:219 (mikesamuel)
test rendering of @imports, @page, @font-face,
CssTreeTest.java:221 (mikesamuel)
test rendering of unicode range literals.
DomParserTest.java:1068 (mikesamuel)
this error message seems to be a bug.
ParserTest.java:52 (mikesamuel)
better comment each of the test input files.
IhtmlSanityCheckerTest.java:331 (mikesamuel)
move parameters into a separate namespace so they
CssRewriterTest.java:335 (mikesamuel)
fix message. "fixed" is well-formed but disallowed.
CssValidatorTest.java:1068 (mikesamuel)
We could break the position rule into multiple
domita_test.html:344 (mikesamuel)
rewrite XHR and setTimeout tests to use this scheme.
domita_test.html:458 (mikesamuel)
write this properly.
domita_test_untrusted.html:657 (mikesamuel)
enable for all node-types once EQ fixed on IE
domita_test_untrusted.html:664 (mikesamuel)
enable for all node-types once EQ fixed on IE
domita_test_untrusted.html:1067 (mikesamuel)
This is wrong because we don't allow the insertion point
domita_test_untrusted.html:1724 (mikesamuel)
test that getElementsByTagName and getElementsByClassName
MoreAsserts.java:36 (mikesamuel)
maybe actually diff using
MoreAsserts.java:49 (mikesamuel)
maybe actually diff using
RhinoTestBed.java:66 (mikesamuel)
maybe replace this with the JSR 223 stuff.

msamuel

StringLiteral.java:133 (msamuel)
move unescaping to Escaping.java -- nobody will look there
rrule_test.js:534 (msamuel)
implement hourly iteration
rrule_test.js:546 (msamuel)
implement minutely iteration
rrule_test.js:559 (msamuel)
implement minutely iteration
rrule_test.js:763 (msamuel)
is this right?
rrule_test.js:960 (msamuel)
check advancement of more examples

stay

HtmlCompiledPluginTest.java:124 (stay)
Once they decide on scoping & initialization rules, test

unknown

cajita-module.js:246 (unknown)
validate the response before eval it
InputElementSplitter.java:353 (unknown)
can this first clause go away?
Rule.java:316 (unknown)
If we ever have a cheap way to test whether result is used freely
CajitaRewriter.java:94 (unknown)
move this into scope if we use a single CajitaRewriter to rewrite
QuasiBuilder.java:402 (unknown)
support getters and setters in object quasis
ES53Rewriter.java:95 (unknown)
move this into scope if we use a single ES53Rewriter to rewrite
ES53Rewriter.java:413 (unknown)
(metaweta) Implement block scoping.
ES53Rewriter.java:559 (unknown)
(metaweta) Implement immutability auditor and then only allow
ES53Rewriter.java:932 (unknown)
It's not masking, it's replacing; invent a different error.
ES53Rewriter.java:2094 (unknown)
use a whitelist, deactivate the rest by replacing with
Nodes.java:301 (unknown)
do away with the below once Shindig has done away with Neko.
Nodes.java:466 (unknown)
do away with these once shindig has gotten rid of Neko
ObjectConstructor.java:26 (unknown)
audit all places where (instanceof Expression) is used since we have
SwitchCase.java:31 (unknown)
instead of using a block, introduce a statement collection as a super
InferFilePositionsStage.java:54 (unknown)
Once I have network access, figure out if this is here because of a mis-merge?
OpenTemplateStage.java:385 (unknown)
output to a message queue
IHTML.java:118 (unknown)
html-sanitizer.js:101 (unknown)
&pi; is different from &Pi;
html-emitter.js:94 (unknown)
We could append the cajoled HTML to existing contents of the
domita.js:1834 (unknown)
If they are not under the same virtual doc root, return
domita.js:3193 (unknown)
If they are not under the same virtual doc root, return
domita.js:3604 (unknown)
maybe whitelist the color names defined for CSS if the arg is a
domita.js:3751 (unknown)
expose a read-only version of the document
domita.js:3774 (unknown)
need a testcase for this
CssRewriter.java:644 (unknown)
caja.js:94 (unknown)
Put a class on this so if the host page cares about 'all iframes'
bridal.js:209 (unknown)
Safari 2's defaultView wasn't a window object :(
CssValidator.java:1103 (unknown)
propagate error message
host-tools.js:108 (unknown)
review error handling -- are errors propagated and descriptive?
host-tools.js:125 (unknown)
does not support dependencies. Needs to tie in to
bank.js:24 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:25 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:26 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:27 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
string-interpolation.js:273 (unknown)
This implementation does not correctly handle [:Cf:] characters.
html-interp.js:72 (unknown)
check for apparent end tag
html-interp.js:237 (unknown)
escape format control characters
embedded-scripts.js:32 (unknown)
unsafe, need to check mimeType but that's not sufficient
package.html:737 (unknown)
package.html:740 (unknown)
package.html:743 (unknown)
the things that need to be TODOne.
package.html:747 (unknown)
|CAVEAT)\b/g);
package.html:757 (unknown)
' || part === 'CAVEAT') {
jsdoc.js:359 (unknown)
pull out error handling
searchbox.js:76 (unknown)
change flatten to start anew at every node
package.html:22 (unknown)
finish
package.html:339 (unknown)
package.html:342 (unknown)
AnnotationHandlers.java:119 (unknown)
implement
AnnotationHandlers.java:120 (unknown)
implement
AnnotationHandlers.java:124 (unknown)
add check to make sure that target is a function
AnnotationHandlers.java:132 (unknown)
implement
AnnotationHandlers.java:133 (unknown)
implement
AnnotationHandlers.java:236 (unknown)
implement proper Levenshtein edit-distance
AnnotationHandlers.java:861 (unknown)
parse @type and @this annotations even without {}s
JsdocRewriter.java:151 (unknown)
handle the first declaration in a multi-declaration
JsdocRewriter.java:386 (unknown)
handle getters and setters
ConstLocalOptimization.java:236 (unknown)
we can safely inline the reads that are okay.
ConstLocalOptimization.java:238 (unknown)
check that reads are in the same function
Reporter.java:66 (unknown)
don't do this.
Processor.java:327 (unknown)
use a JSON only lexer.
Processor.java:501 (unknown)
parameterize
es53.js:401 (unknown)
untameRecord isn't defined yet
es53.js:1094 (unknown)
Can all this JSON stuff be moved out of the TCB?
es53.js:1748 (unknown)
Should nonextensible objects be stampable?
es53.js:2893 (unknown)
The latest draft errata fixes this. We'll be ratifying
es53.js:3011 (unknown)
Where this is used, do we really want frozenness
AnnotationHandlersTest.java:467 (unknown)
the positions below seem to be wrong
EnvironmentChecksTest.java:30 (unknown)
make an ASCII-art Rhino.
ParseTreeKBTest.java:580 (unknown)
Could optimize out foo.
hcalendar_test.js:657 (unknown)
- do we need a special test for this? is x2v working"
hcalendar_test.js:889 (unknown)
- wait on MarkM to figure out what\'s up with this test."
hcalendar_test.js:919 (unknown)
not sure about this test
hcalendar_test.js:955 (unknown)
- not sure about this one -->",
hcalendar_test.js:1237 (unknown)
- I don\'t think attendee stuff is implemented in X2V"
hcalendar_test.js:1254 (unknown)
- should \'REQ-PARTICIPANT be lc\'ed? -->",
hcalendar_test.js:1260 (unknown)
- should mailto: be here? -->",
hcalendar_test.js:1391 (unknown)
- ask MarkM about this. Did he mean to use <del>? -->",
hcalendar_test.js:1439 (unknown)
- review the x2v formatting stuff for DESCRIPTION"
hcalendar_test.js:1506 (unknown)
-->",
hcalendar_test.js:1557 (unknown)
- eh? -->",
csssnippets5.txt:227 (unknown)
*/
csssnippets5.txt:230 (unknown)
*/
cssparserinput5.css:83 (unknown)
*/
DomParserTest.java:2472 (unknown)
Why is this here?
DomMembrane.java:26 (unknown)
should be weakly keyed, but only used for short lived tests.
CajitaRewriterTest.java:2461 (unknown)
Refactor the test cases so that we can use CajitaModuleRewriter
domita_test.html:336 (unknown)
async requirements are not counted in the test status.
domita_test_untrusted.html:1048 (unknown)
webdriver doesn't have a good way of testing relatedTarget.
domita_test_untrusted.html:1450 (unknown)
this test often causes ie6/ie7 to crash. figure out why
domita_test_untrusted.html:3435 (unknown)
can't verify focus changes in webdriver, because webdriver runs
jsunit.js:54 (unknown)
create jsunitRegisterAsync(), then make passes implicit.
BrowserTestCase.java:122 (unknown)
print a warning here?
host-iframe-test.js:74 (unknown)
arrange to reliably detect loading errors in loadCaja and report

By File

AnnotationHandlers.java

AnnotationHandlers.java:119 (unknown)
implement
AnnotationHandlers.java:120 (unknown)
implement
AnnotationHandlers.java:124 (unknown)
add check to make sure that target is a function
AnnotationHandlers.java:132 (unknown)
implement
AnnotationHandlers.java:133 (unknown)
implement
AnnotationHandlers.java:236 (unknown)
implement proper Levenshtein edit-distance
AnnotationHandlers.java:861 (unknown)
parse @type and @this annotations even without {}s

JsdocRewriter.java

JsdocRewriter.java:151 (unknown)
handle the first declaration in a multi-declaration
JsdocRewriter.java:386 (unknown)
handle getters and setters

jsdoc.js

jsdoc.js:359 (unknown)
pull out error handling

package.html

package.html:22 (unknown)
finish
package.html:339 (unknown)
package.html:342 (unknown)

searchbox.js

searchbox.js:76 (unknown)
change flatten to start anew at every node

ExitModes.java

ExitModes.java:243 (mikesamuel)
refactor this

Linter.java

Linter.java:460 (mikesamuel)
check locals and formals used
Linter.java:553 (mikesamuel)
replace with jsdoc comment parser

ConstLocalOptimization.java

ConstLocalOptimization.java:236 (unknown)
we can safely inline the reads that are okay.
ConstLocalOptimization.java:238 (unknown)
check that reads are in the same function
ConstLocalOptimization.java:322 (mikesamuel)
20 is a tuning parameter.

ConstantPooler.java

ConstantPooler.java:101 (mikesamuel)
choose a guaranteed non-interfering name.

JsOptimizer.java

JsOptimizer.java:116 (mikesamuel)
use the message queue passed to the ctor once Scope no

ParseTreeKB.java

ParseTreeKB.java:189 (mikesamuel)
what do we do about the fact that (0 === -0)?
ParseTreeKB.java:204 (mikesamuel)
Is this useful? When, in a comparison,

StatementSimplifier.java

StatementSimplifier.java:588 (mikesamuel)
if c is simple and not a global reference, optimize
StatementSimplifier.java:738 (mikesamuel)
limit to local references not in with blocks.
StatementSimplifier.java:959 (mikesamuel)
eliminate dead branches in if statements.
StatementSimplifier.java:960 (mikesamuel)
simplify empty loops
StatementSimplifier.java:961 (mikesamuel)
fold string appends in + statements

Processor.java

Processor.java:327 (unknown)
use a JSON only lexer.
Processor.java:501 (unknown)
parameterize

Reporter.java

Reporter.java:66 (unknown)
don't do this.

StaticFiles.java

StaticFiles.java:99 (mikesamuel)
SVN has it in svn:mime-type, but that is not

cajita-debugmode.js

cajita-debugmode.js:27 (mikesamuel)
how to collect logging.
cajita-debugmode.js:292 (mikesamuel)
should userException be defined as identity in

cajita-module.js

cajita-module.js:41 (kpreid)
explain static (sync) loading module id semantics.
cajita-module.js:246 (unknown)
validate the response before eval it

cajita.js

cajita.js:33 (erights)
All code text in comments should be enclosed in {@code ...}.
cajita.js:35 (ihab.awad)
Missing tests in CajitaTest.java for the functionality
cajita.js:72 (erights)
Move such extensions to a separate extensions.js.
cajita.js:80 (erights)
Really, to follow ES5, Date.prototype.toISOString
cajita.js:409 (erights)
We may deprecate this in favor of <pre>
cajita.js:562 (erights)
Analyze the security implications
cajita.js:595 (erights)
Detect whether this is a valid constructor
cajita.js:666 (erights)
walk prototype chain.
cajita.js:730 (erights)
Object(<primitive>) wrappers should also be
cajita.js:983 (erights)
Having a fastpath flag for this probably doesn't
cajita.js:1042 (erights)
We should probably
cajita.js:1071 (erights)
Given that we maintain the invariant that
cajita.js:1115 (erights)
Given that we maintain the invariant that
cajita.js:1368 (erights)
Should add a debugging flag to enable
cajita.js:1426 (erights)
Should
cajita.js:1972 (erights)
To avoid accidents, <tt>markXo4a</tt>,
cajita.js:2047 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2050 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2051 (erights)
non-user-hostile error message
cajita.js:2054 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2061 (metaweta)
make this a cajita-uncatchable exception
cajita.js:2133 (erights)
Once ES5 settles, revisit this and
cajita.js:2207 (erights)
Once we have ES5ish attribute control, it
cajita.js:2212 (erights)
Revisit this case
cajita.js:2622 (erights)
Find out if this is still the plan.
cajita.js:2649 (erights)
consider
cajita.js:2879 (erights)
domita would currently generate this warning,
cajita.js:2888 (erights)
See above TODO note.
cajita.js:3831 (erights)
The only remaining use as of this writing is
cajita.js:4038 (erights)
Not clear that this is the performant
cajita.js:4121 (erights)
revisit once we do ES5ish attribute control.

event_store.js

event_store.js:108 (mikesamuel)
look at tzid
event_store.js:116 (mikesamuel)
translate to start tzid
event_store.js:125 (mikesamuel)
handle multiple RRULES, EXRULES, RDATES, EXDATES

filters-cajita.js

filters-cajita.js:81 (mikesamuel)
according to section 4.3.10

hcalendar.js

hcalendar.js:328 (mikesamuel)
resolve the href attrib relative to globalProps.url?
hcalendar.js:333 (mikesamuel)
resolve the href attrib relative to globalProps.url?
hcalendar.js:341 (mikesamuel)
other url node/attrib pairs?

html-interp.js

html-interp.js:72 (unknown)
check for apparent end tag
html-interp.js:237 (unknown)
escape format control characters
html-interp.js:1102 (mikesamuel)
if there's an easy way to interleave bits when

instanceGenerators-cajita.js

instanceGenerators-cajita.js:172 (mikesamuel)
this may be premature. If needed, We could

package.html

package.html:34 (mikesamuel)
write me
package.html:73 (mikesamuel)
write me

rrule-cajita.js

rrule-cajita.js:194 (mikesamuel)
don't need a list here
rrule-cajita.js:206 (mikesamuel)
the spec is not clear on this. Treat the week
rrule-cajita.js:242 (mikesamuel)
filter byWeekNo and write unit tests
rrule-cajita.js:256 (mikesamuel)
filter byWeekNo and write unit tests
rrule-cajita.js:306 (mikesamuel)
if count is large, we might try predicting the end
rrule-cajita.js:311 (mikesamuel)
warn
rrule-cajita.js:348 (mikesamuel)
if we allow iteration more frequently than daily
rrule-cajita.js:602 (mikesamuel)
apply byhour, byminute, bysecond rules here

string-interpolation.js

string-interpolation.js:273 (unknown)
This implementation does not correctly handle [:Cf:] characters.

container-interaction.html

container-interaction.html:19 (kpreid)
At least, that used to be true. The info on that page is tied

cajole.py

cajole.py:80 (kpreid)
Use URL Fetch async requests for parallelism/network
cajole.py:104 (kpreid)
complain to app engine about not being able to
cajole.py:125 (kpreid)
when not debugging, DO put in cache with a shorter timeout

embedded-scripts.js

embedded-scripts.js:25 (kpreid)
have a sensible default instead of this app needing it
embedded-scripts.js:32 (unknown)
unsafe, need to check mimeType but that's not sufficient

searchengine.js

searchengine.js:25 (ihab.awad)
In un-cajoled code, use ___ instead of _ to indicate

events.js

events.js:49 (ihab.awad)
Support sending more (variable) arguments with fire()

introducer.js

introducer.js:286 (ihab.awad)
makeProvider: makeProvider, */

bank.js

bank.js:24 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:25 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:26 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE
bank.js:27 (unknown)
INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE TODO INSECURE

Playground.css

Playground.css:20 (jasvir)
Consider inlining into Playground.html to eliminate roundtrip

PlaygroundService.java

PlaygroundService.java:38 (jasvir)
Fetching ought to be done via a separate service

policy.js

policy.js:28 (jasvir)
rewrite attributes

PlaygroundView.java

PlaygroundView.java:318 (mikesamuel)
extract this a better way once we're providing module

GWTCajolingServiceImpl.java

GWTCajolingServiceImpl.java:78 (jasvir)
URIs in some contexts (such as links to new pages) should
GWTCajolingServiceImpl.java:116 (jasvir)
Outline this and all the other examples of cajole

package.html

package.html:737 (unknown)
package.html:740 (unknown)
package.html:743 (unknown)
the things that need to be TODOne.
package.html:747 (unknown)
|CAVEAT)\b/g);
package.html:757 (unknown)
' || part === 'CAVEAT') {

es53.js

es53.js:210 (erights)
We should probably
es53.js:239 (erights)
Given that we maintain the invariant that
es53.js:283 (erights)
Given that we maintain the invariant that
es53.js:401 (unknown)
untameRecord isn't defined yet
es53.js:1094 (unknown)
Can all this JSON stuff be moved out of the TCB?
es53.js:1221 (erights)
We may deprecate this in favor of <pre>
es53.js:1422 (erights)
Not clear that this is the performant
es53.js:1748 (unknown)
Should nonextensible objects be stampable?
es53.js:1778 (erights)
The only remaining use as of this writing is
es53.js:1817 (erights)
Find out if this is still the plan.
es53.js:2893 (unknown)
The latest draft errata fixes this. We'll be ratifying
es53.js:3011 (unknown)
Where this is used, do we really want frozenness
es53.js:4402 (metaweta)
Deprecate this API, since it requires that we leave

CssPropertyPatterns.java

CssPropertyPatterns.java:405 (jasvir)
Clarify the meaning of (a||b)* and modify this function

CssSchema.java

CssSchema.java:188 (mikesamuel)
Is there any value in enumerating elements?

HtmlSchema.java

HtmlSchema.java:140 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue
HtmlSchema.java:144 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue
HtmlSchema.java:148 (mikesamuel)
divert IllegalArgumentExceptions to MessageQueue

CssLexer.java

CssLexer.java:33 (mikesamuel)
CSS2.1 has changed lexical conventions to effectively
CssLexer.java:46 (mikesamuel)
all clients should pass in a proper queue

HtmlLexer.java

HtmlLexer.java:404 (mikesamuel)
rewrite with a transition table or just use ANTLR

InputElementSplitter.java

InputElementSplitter.java:353 (unknown)
can this first clause go away?

Escaping.java

Escaping.java:446 (mikesamuel)
Once IE allows escapes inside URLs, then

UriUtil.java

UriUtil.java:189 (mikesamuel)
stop using java.net.URI and use a decent URL

AbstractParseTreeNode.java

AbstractParseTreeNode.java:145 (mikesamuel)
maybe reliably throw an exception type, that includes

ParseTreeNodeContainer.java

ParseTreeNodeContainer.java:58 (mikesamuel)
this should never be rendered since rendering a group

ParserBase.java

ParserBase.java:184 (mikesamuel)
is this true?

CssTree.java

CssTree.java:1319 (mikesamuel)
maybe enforce the convention that there are matched

AbstractElementStack.java

AbstractElementStack.java:151 (mikesamuel)
check against XML&HTML definitions of whitespace.

Nodes.java

Nodes.java:301 (unknown)
do away with the below once Shindig has done away with Neko.
Nodes.java:466 (unknown)
do away with these once shindig has gotten rid of Neko

CajoledModule.java

CajoledModule.java:42 (ihab.awad)
This class relies on

LabeledStmtWrapper.java

LabeledStmtWrapper.java:32 (mikesamuel)
Investigate whether use of continue to a non loop
LabeledStmtWrapper.java:34 (mikesamuel)
Do we want to remove labelling of non-loop statements
LabeledStmtWrapper.java:36 (mikesamuel)
Erase the distinction between LabeledStmtWrapper and

ObjectConstructor.java

ObjectConstructor.java:26 (unknown)
audit all places where (instanceof Expression) is used since we have

Statement.java

Statement.java:30 (mikesamuel)
breaksReaching should probably take a parameter of type
Statement.java:32 (mikesamuel)
rename breaks and continues to collectBreakTargets and

StringLiteral.java

StringLiteral.java:133 (msamuel)
move unescaping to Escaping.java -- nobody will look there

SwitchCase.java

SwitchCase.java:31 (unknown)
instead of using a block, introduce a statement collection as a super

SyntheticNodes.java

SyntheticNodes.java:20 (erights,ihab)
Remove the concept of "synthetic" entirely.

AlphaRenamingRewriter.java

AlphaRenamingRewriter.java:241 (mikesamuel)
skip if the self name is never used.

CajitaRewriter.java

CajitaRewriter.java:94 (unknown)
move this into scope if we use a single CajitaRewriter to rewrite
CajitaRewriter.java:288 (mikesamuel)
How does this work? Why not return node?
CajitaRewriter.java:327 (ihab.awad)
originalSource
CajitaRewriter.java:328 (ihab.awad)
sourceLocationMap
CajitaRewriter.java:329 (ihab.awad)
imports
CajitaRewriter.java:330 (ihab.awad)
manifest
CajitaRewriter.java:551 (mikesamuel)
once decls consolidated, no need to add to
CajitaRewriter.java:777 (mikesamuel)
limit
CajitaRewriter.java:820 (mikesamuel)
limit further
CajitaRewriter.java:1018 (mikesamuel)
Limit further
CajitaRewriter.java:1347 (erights)
Need a general way to expand lValues
CajitaRewriter.java:1368 (erights)
Need a general way to expand lValues
CajitaRewriter.java:1395 (erights)
Need a general way to expand readModifyWrite lValues.
CajitaRewriter.java:1405 (mikesamuel)
better lower limit
CajitaRewriter.java:1438 (mikesamuel)
better lower bound
CajitaRewriter.java:1448 (mikesamuel)
Figure out when post increments are being

DefaultValijaRewriter.java

DefaultValijaRewriter.java:92 (erights)
If we ever turn on taint checking for
DefaultValijaRewriter.java:113 (mikesamuel)
check after Kona meeting
DefaultValijaRewriter.java:817 (erights)
Need a general way to expand readModifyWrite lValues.
DefaultValijaRewriter.java:827 (mikesamuel)
better lower limit
DefaultValijaRewriter.java:866 (mikesamuel)
better lower bound
DefaultValijaRewriter.java:876 (mikesamuel)
Figure out when post increments are being

ES53Rewriter.java

ES53Rewriter.java:95 (unknown)
move this into scope if we use a single ES53Rewriter to rewrite
ES53Rewriter.java:297 (mikesamuel)
How does this work? Why not return node?
ES53Rewriter.java:336 (ihab.awad)
originalSource
ES53Rewriter.java:337 (ihab.awad)
sourceLocationMap
ES53Rewriter.java:338 (ihab.awad)
imports
ES53Rewriter.java:339 (ihab.awad)
manifest
ES53Rewriter.java:413 (unknown)
(metaweta) Implement block scoping.
ES53Rewriter.java:522 (mikesamuel)
once decls consolidated, no need to add to
ES53Rewriter.java:559 (unknown)
(metaweta) Implement immutability auditor and then only allow
ES53Rewriter.java:743 (mikesamuel)
limit
ES53Rewriter.java:759 (metaweta)
Use fastpath
ES53Rewriter.java:796 (mikesamuel)
limit further
ES53Rewriter.java:932 (unknown)
It's not masking, it's replacing; invent a different error.
ES53Rewriter.java:958 (metaweta)
Use fastpath.
ES53Rewriter.java:983 (metaweta)
Use fastpath.
ES53Rewriter.java:1258 (erights)
Need a general way to expand lValues
ES53Rewriter.java:1279 (erights)
Need a general way to expand lValues
ES53Rewriter.java:1304 (erights)
Need a general way to expand readModifyWrite lValues.
ES53Rewriter.java:1314 (mikesamuel)
better lower limit
ES53Rewriter.java:1348 (mikesamuel)
better lower bound
ES53Rewriter.java:1358 (mikesamuel)
Figure out when post increments are being
ES53Rewriter.java:1645 (metaweta)
Do a lighter-weight wrapping when the function
ES53Rewriter.java:1690 (metaweta)
Only use closure if it's really recursive.
ES53Rewriter.java:2094 (unknown)
use a whitelist, deactivate the rest by replacing with

Permit.java

Permit.java:64 (erights)
Add case for dotted path expression.
Permit.java:87 (erights)
encode (or at least sanitize) key

PermitTemplate.java

PermitTemplate.java:44 (erights)
to be read in from a JSON config

QuasiBuilder.java

QuasiBuilder.java:402 (unknown)
support getters and setters in object quasis

QuasiNode.java

QuasiNode.java:88 (ihab.awad)
As a special case, an Identifier with a null value is

Rewriter.java

Rewriter.java:238 (erights)
consider returning a defensive copy rather than

Rule.java

Rule.java:316 (unknown)
If we ever have a cheap way to test whether result is used freely
Rule.java:457 (erights)
These rules should be independent of whether we're writing
Rule.java:537 (metaweta)
Figure out a way to leave key alone and

RuleDescription.java

RuleDescription.java:58 (ihab.awad)
Add metadata for a rule indicating that it always fails,

Scope.java

Scope.java:132 (ihab.awad)
importedVariables is only used by the root-most scope; it
Scope.java:301 (ihab.awad)
Uses private access to 's' which is of same class but distinct
Scope.java:319 (ihab.awad)
Uses private access to 's' which is of same class but distinct
Scope.java:535 (ihab.awad)
Refactor to use standard Caja Visitor. Currently not
Scope.java:598 (ihab.awad)
Change the ParseTreeNode type for the right hand sides
Scope.java:711 (erights)
Permit should generate a JSON AST directly,

TrailingUnderscoresHole.java

TrailingUnderscoresHole.java:73 (mikesamuel)
can this move from the superclass into a sibling class?

BuildServiceImplementation.java

BuildServiceImplementation.java:137 (ihab.awad)
Need to pass in the URI rewriter from the build
BuildServiceImplementation.java:389 (mikesamuel)
limit to JSON

Config.java

Config.java:53 (mikesamuel)
make this subclassable so opensocial specific flags can be
Config.java:110 (mikesamuel)
remove once JS uri policy is okay

CssRewriter.java

CssRewriter.java:545 (mikesamuel)
check argument if child now a FunctionCall
CssRewriter.java:644 (unknown)
CssRewriter.java:741 (mikesamuel)
for content: and other URI types, use

CssValidator.java

CssValidator.java:896 (mikesamuel)
this is currently 6 instead of 4 because it also limits
CssValidator.java:1103 (unknown)
propagate error message

bridal.js

bridal.js:149 (mikesamuel)
should we whitelist nodes here, to e.g. prevent
bridal.js:209 (unknown)
Safari 2's defaultView wasn't a window object :(
bridal.js:240 (mikesamuel)
can bubbling and cancelable on events be simulated
bridal.js:248 (mikesamuel)
when we change event dispatching to happen
bridal.js:284 (ihab.awad)
How do we emulate 'useCapture' here?
bridal.js:316 (ihab.awad)
How do we emulate 'useCapture' here?

caja.js

caja.js:94 (unknown)
Put a class on this so if the host page cares about 'all iframes'
caja.js:114 (kpreid)
justify this set of refs as being sufficient to do

domita.js

domita.js:35 (ihab.awad)
Our implementation of getAttribute (and friends)
domita.js:47 (ihab.awad)
Come up with a uniform convention (and helper functions,
domita.js:197 (ihab.awad)
Improve implementation (interleaving, memory leaks)
domita.js:267 (ihab.awad)
Do we need more attributes of the event than 'target'?
domita.js:321 (ihab.awad)
send()-ing an empty string because send() with no
domita.js:327 (ihab.awad)
Expect tamed XML document; unwrap and send
domita.js:361 (ihab.awad)
Implement a taming layer for XML. Requires generalizing
domita.js:592 (ihab.awad)
Does this work on IE, where console output
domita.js:1029 (mikesamuel)
integrate cajita compiler to allow arbitrary
domita.js:1045 (mikesamuel)
determine mime type properly.
domita.js:1100 (mikesamuel)
make sure it really is a DOM node
domita.js:1570 (mikesamuel)
upward navigation breaks capability discipline.
domita.js:1711 (erights)
Come up with some notion of a keeper chain so we can
domita.js:1789 (metaweta)
Add code to list all the other handled stuff we know
domita.js:1834 (unknown)
If they are not under the same virtual doc root, return
domita.js:1975 (metaweta)
Add code to list all the other handled stuff we know
domita.js:2045 (mikesamuel)
make nodeClasses work.
domita.js:2564 (ihab.awad)
Due to the following bug:
domita.js:2970 (mikesamuel)
make sure event doesn't propagate to dispatched
domita.js:2980 (mikesamuel)
make sure event doesn't propagate to dispatched
domita.js:3094 (metaweta)
Add code to list all the other handled stuff we know
domita.js:3116 (mikesamuel)
create a proper class for BODY, HEAD, and HTML along
domita.js:3193 (unknown)
If they are not under the same virtual doc root, return
domita.js:3604 (unknown)
maybe whitelist the color names defined for CSS if the arg is a
domita.js:3664 (mikesamuel)
remove these, and only expose them via window once
domita.js:3680 (mikesamuel)
figure out a mechanism by which the container can
domita.js:3749 (mikesamuel)
Implement in terms of
domita.js:3751 (unknown)
expose a read-only version of the document
domita.js:3774 (unknown)
need a testcase for this
domita.js:3795 (ihab.awad)
Implement
domita.js:3970 (mikesamuel)
define on prototype.
domita.js:3999 (ihab.awad)
Build a more sophisticated virtual class hierarchy by

host-tools.js

host-tools.js:42 (kpreid)
the above probably does the wrong thing in the case where
host-tools.js:53 (kpreid)
allow subbing module id resolver
host-tools.js:54 (kpreid)
Using XHR loader didn't work; why?
host-tools.js:82 (kpreid)
This needs to be redefined in terms of effect/loader;
host-tools.js:108 (unknown)
review error handling -- are errors propagated and descriptive?
host-tools.js:125 (unknown)
does not support dependencies. Needs to tie in to
host-tools.js:155 (kpreid)
do we want to reject multiple attach attempts?

html-emitter.js

html-emitter.js:94 (unknown)
We could append the cajoled HTML to existing contents of the

html-sanitizer.js

html-sanitizer.js:101 (unknown)
&pi; is different from &Pi;
html-sanitizer.js:187 (mikesamuel)
validate sanitizer regexs against the HTML5 grammar at
html-sanitizer.js:404 (mikesamuel)
relying on sanitizeAttributes not to

CajaRuntimeDebuggingRewriter.java

CajaRuntimeDebuggingRewriter.java:52 (erights)
Nothing is gained by having this be a partial override of

CompileHtmlStage.java

CompileHtmlStage.java:82 (ihab.awad)
We do *not* want to support multiple HTML files

DebuggingSymbolsStage.java

DebuggingSymbolsStage.java:166 (ihab.awad)
http://code.google.com/p/google-caja/issues/detail?id=994
DebuggingSymbolsStage.java:185 (ihab.awad)
http://code.google.com/p/google-caja/issues/detail?id=994

InferFilePositionsStage.java

InferFilePositionsStage.java:54 (unknown)
Once I have network access, figure out if this is here because of a mis-merge?

OpenTemplateStage.java

OpenTemplateStage.java:52 (mikesamuel)
this could probably be more simply done as a
OpenTemplateStage.java:385 (unknown)
output to a message queue

ResolveUriStage.java

ResolveUriStage.java:71 (mikesamuel)
this is problematic for DOM nodes parsed without

ValidateCssStage.java

ValidateCssStage.java:52 (mikesamuel)
build up a list of classes and ids for use in

IHTML.java

IHTML.java:118 (unknown)

SafeHtmlMaker.java

SafeHtmlMaker.java:341 (ihab.awad)
Will add UncajoledModule wrapper when we no longer
SafeHtmlMaker.java:506 (mikesamuel)
do we need to emit a static attribute when the
SafeHtmlMaker.java:572 (mikesamuel)
can we get rid of this noop by getting rid of the

TemplateCompiler.java

TemplateCompiler.java:237 (ihab.awad)
Investigate why this is the right criterion to use.

MessageType.java

MessageType.java:26 (mikesamuel)
rename this to CommonMessageType and rename

CajolingService.java

CajolingService.java:161 (jasvir)
Change CajaArguments to handle >1 occurrence of arg

CajolingServlet.java

CajolingServlet.java:99 (jasvir)
The service like the gwt version should accumulate

HtmlHandler.java

HtmlHandler.java:92 (mikesamuel)
this is not a valid assumption.

HttpStatus.java

HttpStatus.java:20 (jasvir)
Use a standard class or move to appropriate package

InnocentHandler.java

InnocentHandler.java:76 (ihab.awad)
Fix the "unrecoverable" error responses throughout

InvalidArgumentsException.java

InvalidArgumentsException.java:21 (ihab.awad)
Would a {@link com.google.caja.reporting.MessageType} be

Criterion.java

Criterion.java:23 (mikesamuel)
replace "may be null" and "not null" shorthands with
Criterion.java:25 (mikesamuel)
replace with com.google.common.Predicate and the

valija-cajita.js

valija-cajita.js:120 (erights)
Once EcmaScript and Valija allow patterns in parameter
valija-cajita.js:188 (erights)
If the resolution of bug #814 is for
valija-cajita.js:275 (erights)
figure out why things break when the
valija-cajita.js:348 (erights)
Investigate why things break if the following line
valija-cajita.js:355 (erights)
Why are we testing for the empty string here?
valija-cajita.js:452 (erights)
fix this once DONTENUM properties are better

AnnotationHandlersTest.java

AnnotationHandlersTest.java:467 (unknown)
the positions below seem to be wrong

LinterTest.java

LinterTest.java:484 (mikesamuel)

VariableLivenessTest.java

VariableLivenessTest.java:747 (mikesamuel)
should work if there is a break here.

EnvironmentChecksTest.java

EnvironmentChecksTest.java:30 (unknown)
make an ASCII-art Rhino.

ParseTreeKBTest.java

ParseTreeKBTest.java:580 (unknown)
Could optimize out foo.

ConfigUtilTest.java

ConfigUtilTest.java:30 (mikesamuel)
better file positions for error messages.

BenchmarkSize.java

BenchmarkSize.java:40 (jasvir)
Find a nice collection of "typical" html files!

bitset_test.html

bitset_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

filters_test.html

filters_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

generators_test.html

generators_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

hcalendar_test.js

hcalendar_test.js:657 (unknown)
- do we need a special test for this? is x2v working"
hcalendar_test.js:889 (unknown)
- wait on MarkM to figure out what\'s up with this test."
hcalendar_test.js:919 (unknown)
not sure about this test
hcalendar_test.js:955 (unknown)
- not sure about this one -->",
hcalendar_test.js:1237 (unknown)
- I don\'t think attendee stuff is implemented in X2V"
hcalendar_test.js:1254 (unknown)
- should \'REQ-PARTICIPANT be lc\'ed? -->",
hcalendar_test.js:1260 (unknown)
- should mailto: be here? -->",
hcalendar_test.js:1391 (unknown)
- ask MarkM about this. Did he mean to use <del>? -->",
hcalendar_test.js:1439 (unknown)
- review the x2v formatting stuff for DESCRIPTION"
hcalendar_test.js:1506 (unknown)
-->",
hcalendar_test.js:1557 (unknown)
- eh? -->",

rrule_test.html

rrule_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

rrule_test.js

rrule_test.js:534 (msamuel)
implement hourly iteration
rrule_test.js:546 (msamuel)
implement minutely iteration
rrule_test.js:559 (msamuel)
implement minutely iteration
rrule_test.js:763 (msamuel)
is this right?
rrule_test.js:960 (msamuel)
check advancement of more examples

time_test.html

time_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

time_util_test.html

time_util_test.html:20 (mikesamuel)
cajole the scripts so that for loops work. -->

time_util_test.js

time_util_test.js:97 (mikesamuel)
check that these answers are right

CssSchemaTest.java

CssSchemaTest.java:54 (mikesamuel)
test getSymbol

CssParserTest.java

CssParserTest.java:169 (jasvir)
Should whitespace after the units in quantities be escaped

CssTreeTest.java

CssTreeTest.java:219 (mikesamuel)
test rendering of @imports, @page, @font-face,
CssTreeTest.java:221 (mikesamuel)
test rendering of unicode range literals.

cssparserinput5.css

cssparserinput5.css:83 (unknown)
*/

csssnippets5.txt

csssnippets5.txt:227 (unknown)
*/
csssnippets5.txt:230 (unknown)
*/

DomMembrane.java

DomMembrane.java:26 (unknown)
should be weakly keyed, but only used for short lived tests.

DomParserTest.java

DomParserTest.java:1068 (mikesamuel)
this error message seems to be a bug.
DomParserTest.java:2472 (unknown)
Why is this here?

FuzzedParserTest.java

FuzzedParserTest.java:24 (jasvir)
These tests were generated by the fuzzer - distill them to

ParserTest.java

ParserTest.java:52 (mikesamuel)
better comment each of the test input files.

CajitaRewriterTest.java

CajitaRewriterTest.java:208 (ihab.awad)
Enhance test framework to allow "before" and "after"
CajitaRewriterTest.java:400 (erights)
This test isn't green because we haven't yet fixed the bug.
CajitaRewriterTest.java:416 (erights)
Need more tests.
CajitaRewriterTest.java:600 (ihab.awad)
The below should throw MessageType.MASKING_SYMBOL at
CajitaRewriterTest.java:1469 (ihab.awad)
Once permit templates can be loaded dynamically, create
CajitaRewriterTest.java:1498 (ihab.awad)
The below test is not as complete as it should be
CajitaRewriterTest.java:2100 (ihab.awad)
SECURITY: Re-enable by reading (say) x.foo, and
CajitaRewriterTest.java:2440 (erights)
Fix when bug 956 is fixed.
CajitaRewriterTest.java:2461 (unknown)
Refactor the test cases so that we can use CajitaModuleRewriter

CommonJsRewriterTestCase.java

CommonJsRewriterTestCase.java:124 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:150 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:176 (erights)
failure should no longer be an option on (S)ES5/3.
CommonJsRewriterTestCase.java:205 (erights)
failure should no longer be an option on (S)ES5/3.

DefaultValijaRewriterTest.java

DefaultValijaRewriterTest.java:437 (ihab.awad)
SECURITY: Re-enable by reading (say) x.foo, and
DefaultValijaRewriterTest.java:629 (erights)
Fix when bug 953 is fixed.
DefaultValijaRewriterTest.java:637 (erights)
Fix when bug 953 is fixed.

ES53RewriterTest.java

ES53RewriterTest.java:204 (erights)
Fix these tests to test for the output we now expect.
ES53RewriterTest.java:354 (erights)
Fix when bug 953 is fixed.
ES53RewriterTest.java:620 (erights)
Need more tests.

RewriterTestCase.java

RewriterTestCase.java:70 (ihab.awad)
Refactor tests to use checkAddsMessage(...) instead
RewriterTestCase.java:146 (ihab.awad)
Change dependents to use checkAddsMessage and
RewriterTestCase.java:149 (ihab.awad)
Change checkAddsMessage and similar functions to check

BrowserTestCase.java

BrowserTestCase.java:58 (kpreid)
deploy the already-configured war instead of manually
BrowserTestCase.java:122 (unknown)
print a warning here?

CssRewriterTest.java

CssRewriterTest.java:335 (mikesamuel)
fix message. "fixed" is well-formed but disallowed.

CssValidatorTest.java

CssValidatorTest.java:1068 (mikesamuel)
We could break the position rule into multiple

HostToolsTest.java

HostToolsTest.java:26 (kpreid)
Figure out why RhinoTestBed.runJsUnittestFromHtml isn't

HtmlCompiledPluginTest.java

HtmlCompiledPluginTest.java:60 (metaweta)
Move as many of these as possible to
HtmlCompiledPluginTest.java:124 (stay)
Once they decide on scoping & initialization rules, test

domita_test.html

domita_test.html:336 (unknown)
async requirements are not counted in the test status.
domita_test.html:344 (mikesamuel)
rewrite XHR and setTimeout tests to use this scheme.
domita_test.html:458 (mikesamuel)
write this properly.

domita_test_untrusted.html

domita_test_untrusted.html:657 (mikesamuel)
enable for all node-types once EQ fixed on IE
domita_test_untrusted.html:664 (mikesamuel)
enable for all node-types once EQ fixed on IE
domita_test_untrusted.html:888 (ihab.awad)
Add negative tests when virtual hierarchy is improved:
domita_test_untrusted.html:1048 (unknown)
webdriver doesn't have a good way of testing relatedTarget.
domita_test_untrusted.html:1067 (mikesamuel)
This is wrong because we don't allow the insertion point
domita_test_untrusted.html:1171 (metaweta)
This test should be replaced by ones for the proper
domita_test_untrusted.html:1450 (unknown)
this test often causes ie6/ie7 to crash. figure out why
domita_test_untrusted.html:1724 (mikesamuel)
test that getElementsByTagName and getElementsByClassName
domita_test_untrusted.html:2091 (felix8a)
also need to test when onload isn't set
domita_test_untrusted.html:3435 (unknown)
can't verify focus changes in webdriver, because webdriver runs

host-iframe-test.js

host-iframe-test.js:74 (unknown)
arrange to reliably detect loading errors in loadCaja and report

host-tools-test.js

host-tools-test.js:48 (kpreid)
do this with nice output without using jsUnitCore internals?
host-tools-test.js:198 (kpreid)
When the whole URI-policy-implementation thing is cleaned

jsunit.js

jsunit.js:54 (unknown)
create jsunitRegisterAsync(), then make passes implicit.

IhtmlSanityCheckerTest.java

IhtmlSanityCheckerTest.java:331 (mikesamuel)
move parameters into a separate namespace so they

ServiceTestCase.java

ServiceTestCase.java:146 (ihab.awad)
Change tests to use structural equality (via quasi

MoreAsserts.java

MoreAsserts.java:36 (mikesamuel)
maybe actually diff using
MoreAsserts.java:49 (mikesamuel)
maybe actually diff using

RhinoTestBed.java

RhinoTestBed.java:66 (mikesamuel)
maybe replace this with the JSR 223 stuff.