html search: use a Map to collect file-term scores
#13060
Conversation
jayaddison
added
html search
javascript
|
My premise, that this is an exploitable problem, seems to be flawed, which is fortunate. Even so, I don't think that I approached resolving this in a good way; there is a disclosure path for vulnerabilities in Sphinx, and I should have used that. I did weigh up a few factors about the possible impact of the problem, and then decided to open a pull request without following the disclosure path, but in hindsight that wasn't really a great idea (despite the fact that I now believe the flaw is a non-concern). I think I'll probably step back from contributing for a while, perhaps here and elsewhere; this seemed to be a hasty effort, and I'd like to make sure I'm being thorough especially about poentially-important problems like security bugs (I believe I have been thorough in the past, but wasn't with this, so that seems to reflect changes in behaviour). |
James -- I don't currently have time to review the substantive discussion, but I wanted to quickly write something. Your efforts are immensely appreciated, and I don't want you to take this too hard or etc. Problems in process affect all of us, and so I wouldn't want to loose you from the project (or open source in general!) for a (potential) misstep. Identifying potential problems in the first place is inherently valuable. I sympathise with the feeling of discovering a security problem and wanting to alert people as quickly as possible. The project can improve here by adding a more advertised SECURITY.rst policy, which I will take as an action. Currently, we use GitHub's Security Advisories. Please do take all the time you need, but I wanted to write a note to say that I hope you don't overburden yourself with anything and that we keep seeing you around here. Adam |
…ty of the object Ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#setting_object_properties Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
AA-Turner
changed the title
Map instead of an object literal to collect file-term scoresMap to collect file-term scores
|
Thanks again - I think I'll take that time away to recharge/recuperate soon. |
Feature or Bugfix
Purpose
scoreMap, potentially allowing for undesired result scoring adjustments.Detail
Mapinstead of an object literal to record per-file term scoring.Map.setmethod instead of assigning to the properties of the map object.Relates
Edit: add note about using
Map.setin preference to object-property assignment.