From:  matt@ydekproductions.com
Date:  09 Oct 2013 17:45:54 Hong Kong Time
Newsgroup:  news.mozilla.org/mozilla.dev.js-sourcemap
Subject:  

Re: Inconsistency in implementation of )]} XSSI stripping.

NNTP-Posting-Host:  50.152.143.236

The spec says if it begins with those 4 characters, it should skip the entire first line.

So technically WebKit and Blink are just being a bit overly eager. But they'll still work.

If building this to spec, the first line is able to be as long as you want, not just 5 characters, as long as it starts with )]}'.


On Wednesday, July 10, 2013 12:15:27 PM UTC-7, David Glasser wrote:
> In the Mozilla source-map library (which I believe is what FireFox
> 
> uses), )]} stripping is done like this:
> 
> 
> 
>       sourceMap = JSON.parse(aSourceMap.replace(/^\)\]\}'/, ''));
> 
> 
> 
> https://github.com/mozilla/source-map/blob/master/lib/source-map/source-map-consumer.js#L50
> 
> 
> 
> 
> 
> 
> 
> 
> 
> In WebKit and Blink, the code is more like:
> 
> 
> 
>         if (response.slice(0, 3) === ")]}")
> 
>             response = response.substring(response.indexOf('\n'));
> 
> 
> 
> https://github.com/WebKit/webkit/blob/318f72711d21811d0adc2ef0a7afb8fc68bf6fec/Source/WebCore/inspector/front-end/SourceMap.js#L67
> 
> https://github.com/yoavweiss/Blink/blob/master/Source/devtools/front_end/SourceMap.js#L78
> 
> 
> 
> 
> 
> 
> 
> 
> 
> The spec says:
> 
> 
> 
>    a line starting with the string “)]}'”
> 
> 
> 
> https://docs.google.com/a/meteor.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k/edit#
> 
> 
> 
> 
> 
> So it looks like if you start with the five characters
> 
>     )]}'  [newline]
> 
> it will work with both implementations, and that's technically what
> 
> the spec says.  But there are strings that will work with one but not
> 
> the other (leaving out the newline works for mozilla, leaving out the
> 
> single quote works for webkit).  Is this inconsistency intentional?
> 
> eg, is the single quote in the spec too hard to read (I certainly
> 
> didn't see it the first time I read it).
> 
> 
> 
> At the very least, could the spec be amended to be incredibly clear
> 
> that you need five characters (including the
> 
> currently-difficult-to-see single quote and the implicitly-mentioned
> 
> newline) for this to work consistently?  Otherwise, somebody trying to
> 
> interpret the spec by looking at one of the two implementations would
> 
> end up with incomplete information.
> 
> 
> 
> --dave