-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
html search: use a Map
to collect file-term scores
#13060
html search: use a Map
to collect file-term scores
#13060
Conversation
My premise, that this is an exploitable problem, seems to be flawed, which is fortunate. Even so, I don't think that I approached resolving this in a good way; there is a disclosure path for vulnerabilities in Sphinx, and I should have used that. I did weigh up a few factors about the possible impact of the problem, and then decided to open a pull request without following the disclosure path, but in hindsight that wasn't really a great idea (despite the fact that I now believe the flaw is a non-concern). I think I'll probably step back from contributing for a while, perhaps here and elsewhere; this seemed to be a hasty effort, and I'd like to make sure I'm being thorough especially about poentially-important problems like security bugs (I believe I have been thorough in the past, but wasn't with this, so that seems to reflect changes in behaviour). |
James -- I don't currently have time to review the substantive discussion, but I wanted to quickly write something. Your efforts are immensely appreciated, and I don't want you to take this too hard or etc. Problems in process affect all of us, and so I wouldn't want to loose you from the project (or open source in general!) for a (potential) misstep. Identifying potential problems in the first place is inherently valuable. I sympathise with the feeling of discovering a security problem and wanting to alert people as quickly as possible. The project can improve here by adding a more advertised SECURITY.rst policy, which I will take as an action. Currently, we use GitHub's Security Advisories. Please do take all the time you need, but I wanted to write a note to say that I hope you don't overburden yourself with anything and that we keep seeing you around here. Adam |
…ty of the object Ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#setting_object_properties Co-authored-by: Adam Turner <[email protected]>
Map
instead of an object literal to collect file-term scoresMap
to collect file-term scores
Thanks again - I think I'll take that time away to recharge/recuperate soon. |
Feature or Bugfix
Purpose
scoreMap
, potentially allowing for undesired result scoring adjustments.Detail
Map
instead of an object literal to record per-file term scoring.Map.set
method instead of assigning to the properties of the map object.Relates
Edit: add note about using
Map.set
in preference to object-property assignment.