Reputation: 1137
As part of a research project, I am currently investigating the sandboxing of third-party scripts using the Secure EcmaScript implementation of the Google Caja project (https://code.google.com/p/es-lab/wiki/SecureEcmaScript, https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses). I managed to execute the Google Maps application in such a sandbox, i.e. the Google Maps API v3 (https://maps.googleapis.com/maps/api/js) and subsequently loaded scripts are executed in a controlled environment. However, in order to make this work, I had to perform two modifications in the first script that is loaded by the Google Maps application (at the time of writing, this was https://maps.gstatic.com/intl/en_us/mapfiles/api-3/8/2/main.js). Without modifications, the application fails to run because the code is not ECMAScript 5 strict mode compliant. Concretely, the following code fragment occurs somewhere in the file:
R.cf=function(){return this}().navigator&&-1!=ha.userAgent[Mc]()[tb]("msie");
In strict mode, function(){return this} returns undefined, causing the property access for "navigator" to throw an error. In non-strict mode, the function would return the global "window" object. I found one more instance where such a situation causes an error in strict mode.
At first, I found it surprising that the Google Maps application is not strict mode compliant. As far as I know, there are only advantages to the usage of strict mode. However, I reckon that the original code might be strict mode compliant, but that the transformations done by the minification compiler remove the compliance. From a security point of view, it is very useful to be able to execute a script in a controlled manner. For instance, this would prevent security violations when an external script has been compromised and its functionality altered. Therefore, I think it would be very useful to be able to execute the Google Maps application inside such a sandbox. However, as the Google Caja implementation of Secure EcmaScript relies on the limitations imposed by strict mode to guarantee its functionality, it requires a Google Maps application that is strict mode compliant.
So my question is: will a strict mode compliant version of the Google Maps application be available soon? Or will the current Google Maps application be replaced by a compliant one?
With kind regards,
Yoran
Upvotes: 0
Views: 1000
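The strict-mode difference described in the question, as an added example that is not part of the original post or of the Google Maps or Caja code: it runs a fragment once in non-strict and once in strict mode and reports whether only the strict run fails. The fragments are constructed; `globalThis` as a replacement assumes an ES2020 engine, and the `with` case goes beyond the post to show a compile-time strict-mode failure.

```javascript
// Constructed fragments (function bodies). The first reduces the pattern
// quoted in the question to its `this`-dependent part.
const FRAGMENTS = {
  pagePattern: 'return typeof function(){return this}().navigator;',
  // Assumption: one possible mode-independent rewrite, needs ES2020 globalThis.
  globalThisRewrite: 'return typeof globalThis.navigator;',
  // Generalization: a construct strict mode rejects at parse time.
  withStatement: 'with ({a: 1}) { return a; }',
};

// Compile `body` as a function body and call it. Functions made with the
// Function constructor do not inherit the caller's strictness, so the
// "use strict" directive alone selects the mode. This executes the fragment:
// only feed it code you would run anyway, in a throwaway process.
function runInMode(body, strict) {
  const src = (strict ? '"use strict";\n' : '') + body;
  try {
    return { ok: true, value: new Function(src)() };
  } catch (e) {
    return { ok: false, error: e.name + ': ' + e.message };
  }
}

// Compare both modes for one fragment.
function checkFragment(body) {
  const sloppy = runInMode(body, false);
  const strict = runInMode(body, true);
  return {
    sloppy,
    strict,
    breaksInStrict: sloppy.ok && !strict.ok,
    sameResult: sloppy.ok && strict.ok && Object.is(sloppy.value, strict.value),
  };
}

// Check every constructed fragment and return the results keyed by name.
function report() {
  const out = {};
  for (const [name, body] of Object.entries(FRAGMENTS)) {
    out[name] = checkFragment(body);
  }
  return out;
}

for (const [name, r] of Object.entries(report())) {
  const verdict = r.breaksInStrict ? 'breaks in strict mode: ' + r.strict.error
                                   : 'same result in both modes: ' + r.sameResult;
  console.log(name + ' -> ' + verdict);
}
```

A fragment flagged here fails for the reason given in the question: a plain function call binds `this` to undefined in strict mode, so the property access throws a TypeError before any sandbox policy is involved.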
Reputation: 21091
Seems like you should add this to the Maps API issue tracker
http://code.google.com/p/gmaps-api-issues/
... note Google rarely comment on upcoming features. But by adding to the issue tracker, you 1) allow other developers to 'vote' on the suggestion - increasing its 'importance' to Google developers and 2) allow you to get notifications if Google do anything about it.
Upvotes: 1