Monday, December 2, 2019

Re: Adding u2f to js.identifier.blacklist

Am 30.11.2019 um 01:34 schrieb 'Axel' via GWT Users:
> The obfuscator does not have "u2f" as a blacklisted identifier.
> In conjunction with a Firefox that now (>=67) has U2F enabled by default
> (see about:config, security.webauth.u2f) the identifier "window.u2f" is
> made available. When the obfuscator uses u2f as an output symbol, weird
> things can happen, such as properties that are expected to be found on
> the object bound to the obfuscated "u2f" identifier not being found
> because u2f points to the U2F object and not the application object.

If not happened already, "webauthn" should be blacklisted as well. But
I'm not sure how likely it is that this text will ever be the result
of an obfuscation ;-)

Cheers, Lothar

You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

No comments:

Post a Comment