commit ed1abc107815210dc66ec439542bee2f6cbabc00
author Dirk Pranke <dpranke@google.com> Fri Jan 10 17:41:03 2025 -0800
committer GN LUCI <gn-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Jan 13 17:02:29 2025 -0800
tree 286821de395ff8a9e2a520c887be2909ea38fb8a
parent c97a86a72105f3328a540f5a5ab17d11989ab7dd

Add `exec_script_allowlist` to replace `exec_script_whitelist`.

To make things slightly more inclusive and descriptive, this
CL introduces an `exec_script_allowlist` value to the dotfile.
It works the same as `exec_script_whitelist`, and in fact
`exec_script_whitelist` is now just a synonym provided for backwards
compatibility.

Bug: 40713186
Change-Id: Ia27c1a60ae6c7ed70626bfad1681247765079be3
Reviewed-on: https://gn-review.googlesource.com/c/gn/+/18100
Reviewed-by: Takuto Ikuta <tikuta@google.com>
Commit-Queue: Dirk Pranke <dpranke@google.com>

docs/reference.md

diff --git a/docs/reference.md b/docs/reference.md
index 041628c..56c554f 100644
--- a/docs/reference.md
+++ b/docs/reference.md
@@ -6562,7 +6562,7 @@
   If no public files are declared, other targets (assuming they have visibility
   to depend on this target) can include any file in the sources list. If this
   variable is defined on a target, dependent targets may only include files on
-  this whitelist unless that target is marked as a friend (see "gn help
+  this allowlist unless that target is marked as a friend (see "gn help
   friend").
 
   Header file permissions are also subject to visibility. A target must be
@@ -7199,7 +7199,7 @@
       default. They can be checked explicitly by running
       "gn check --check-system" or "gn gen --check=system"
 
-  exec_script_whitelist [optional]
+  exec_script_allowlist [optional]
       A list of .gn/.gni files (not labels) that have permission to call the
       exec_script function. If this list is defined, calls to exec_script will
       be checked against this list and GN will fail if the current file isn't
@@ -7213,11 +7213,17 @@
       If unspecified, the ability to call exec_script is unrestricted.
 
       Example:
-        exec_script_whitelist = [
+        exec_script_allowlist = [
           "//base/BUILD.gn",
           "//build/my_config.gni",
         ]
 
+  exec_script_whitelist [optional]
+      A synonym for "exec_script_allowlist" that exists for backwards
+      compatibility. New code should use "exec_script_allowlist" instead.
+      If both values are set, only the value in "exec_script_allowlist" will
+      have any effect (so don't set both!).
+
   export_compile_commands [optional]
       A list of label patterns for which to generate a Clang compilation
       database (see "gn help label_pattern" for the string format).
@@ -8086,7 +8092,7 @@
   GN's header checker helps validate that the includes match the build
   dependency graph. Sometimes an include might be conditional or otherwise
   problematic, but you want to specifically allow it. In this case, it can be
-  whitelisted.
+  allowlisted.
 
   Include lines containing the substring "nogncheck" will be excluded from
   header checking. The most common case is a conditional include: