Mark --disallow-unsafe-eval as a supported feature in usage description.

Mark --disallow-unsafe-eval as a supported feature in usage description.


R=ahe@google.com
BUG=

Committed: https://code.google.com/p/dart/source/detail?r=19280

[ahe, 2013-03-01 07:29:21]

lgtm

Can we find a better name for this option?

I don't like "unsafe" as it implies that we generate unsafe code by default. I
don't think that is true although I understand why eval is scary.

I would rather call this option --csp.

[kasperl, 2013-03-01 08:30:52]

I have no problem with changing the flag, but --csp isn't a very accurate flag
because it covers way too much. CSP imposes restrictions and there are many
different possibilities -- one such default restriction is to disallow "unsafe
evals" but that restriction can be lifted. The term "unsafe eval" is a CSP term.

[kasperl, 2013-03-01 08:40:21]

Committed patchset #1 manually as r19280 (presubmit successful).

[ahe, 2013-03-01 08:49:57]

On 2013/03/01 08:30:52, kasperl wrote:
> I have no problem with changing the flag, but --csp isn't a very accurate flag
> because it covers way too much. CSP imposes restrictions and there are many
> different possibilities -- one such default restriction is to disallow "unsafe
> evals" but that restriction can be lifted. The term "unsafe eval" is a CSP
term.

I suggest that --csp can take an additional argument (long term, I wouldn't
implement it just now).

The --csp option should by default conform with CSP defaults (long term, again).
The additional argument could be a file with CSP headers that the compiler could
parse to see if there are any restrictions it shouldn't enforce.

[kasperl, 2013-03-01 09:12:00]

On 2013/03/01 08:49:57, ahe wrote:
> On 2013/03/01 08:30:52, kasperl wrote:
> > I have no problem with changing the flag, but --csp isn't a very accurate
flag
> > because it covers way too much. CSP imposes restrictions and there are many
> > different possibilities -- one such default restriction is to disallow
"unsafe
> > evals" but that restriction can be lifted. The term "unsafe eval" is a CSP
> term.
> 
> I suggest that --csp can take an additional argument (long term, I wouldn't
> implement it just now).
> 
> The --csp option should by default conform with CSP defaults (long term,
again).
> The additional argument could be a file with CSP headers that the compiler
could
> parse to see if there are any restrictions it shouldn't enforce.

Yeah, that sounds pretty good to me.

[ahe, 2013-03-12 08:28:19]

On 2013/03/01 09:12:00, kasperl wrote:
> On 2013/03/01 08:49:57, ahe wrote:
> > On 2013/03/01 08:30:52, kasperl wrote:
> > > I have no problem with changing the flag, but --csp isn't a very accurate
> flag
> > > because it covers way too much. CSP imposes restrictions and there are
many
> > > different possibilities -- one such default restriction is to disallow
> "unsafe
> > > evals" but that restriction can be lifted. The term "unsafe eval" is a CSP
> > term.
> > 
> > I suggest that --csp can take an additional argument (long term, I wouldn't
> > implement it just now).
> > 
> > The --csp option should by default conform with CSP defaults (long term,
> again).
> > The additional argument could be a file with CSP headers that the compiler
> could
> > parse to see if there are any restrictions it shouldn't enforce.
> 
> Yeah, that sounds pretty good to me.

Filed http://dartbug.com/9073.