[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

Vincent Bernat <bernat <at> debian.org> writes:

>  2. Upstream may generate the final pre-minification file with complex
>     tools, like an AMD loader or an ES6/ES5 transpiler, along with the
>     use of non-packaged build tools like Grunt.

> problem. For the second one, a solution would be to consider the
> pre-minification JS code to be perfectly valid source code
> (indentations, comments, variable names, everything is here).

There is (I just had an epiphany) another possible criterium to apply
for to determine what the preferred form of modification is:

Does upstream accept patches for that form?

(The Perl configure script discussion also comes into play, here.)


Reply to: