| 04:15 | <Justin Ridgewell> | this is a very fun writeup of a CVE in chrome which happened as a consequence of a change to TypedArrays in the spec: https://tiszka.com/blog/CVE_2021_21225.html |
| 05:06 | <bakkot> | Justin Ridgewell: a friend linked me to https://twitter.com/erikcorry/status/1427755338196033553 |
| 05:06 | <bakkot> | no idea how he came across it |
| 15:51 | <shu> | it went around the V8 internal chat when the writeup first came up |
| 18:10 | <jschoi> | The decorator spec currently seems to allow whitespace/comments between |
| 18:11 | <jschoi> | TabAtkins and I are exploring a new [contiguous] annotation that, similarly to [no LineTerminator here], would disallow any discarded tokens (whitespace, comments) at its position. We would also use it for the Hack pipe operator’s topic token (https://github.com/js-choi/proposal-hack-pipes/issues/13#issuecomment-907380621). |
| 18:12 | <jschoi> | It seems like such a [contiguous] annotation perhaps ought to be between @ and its following expression, too. |
| 18:12 | <jschoi> | It would also be more consistent with @init:, which is currently a single token and which does not allow discarded tokens between @ and init:. |
| 18:16 | <jschoi> | Anyways, allowing @ foo class C { } or @[line terminator]foo class C { } seems like it might be an oversight. |
| 18:19 | <jmdyck> | Whether @init: is a single token is unclear: I don't think the proposal modifies the lexical grammar to recognize @ at all, let alone @init:. |
| 18:23 | <jmdyck> | (e.g., @ doesn't appear in OtherPunctuator) |