-
Notifications
You must be signed in to change notification settings - Fork 72
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(ses): fix #2598 with cauterizeProperty reuse
- Loading branch information
Showing
5 changed files
with
93 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
import { objectHasOwnProperty } from './commons.js'; | ||
|
||
/** | ||
* @import {Reporter} from './reporting-types.js' | ||
*/ | ||
|
||
/** | ||
* | ||
* @param {object} obj | ||
* @param {PropertyKey} prop | ||
* @param {boolean} known | ||
* @param {string} subPath | ||
* @param {Reporter} reporter | ||
* @returns {void} | ||
*/ | ||
export const cauterizeProperty = ( | ||
obj, | ||
prop, | ||
known, | ||
subPath, | ||
{ warn, error }, | ||
) => { | ||
// Either the object lacks a permit or the object doesn't match the | ||
// permit. | ||
// If the permit is specifically false, not merely undefined, | ||
// this is a property we expect to see because we know it exists in | ||
// some environments and we have expressly decided to exclude it. | ||
// Any other disallowed property is one we have not audited and we log | ||
// that we are removing it so we know to look into it, as happens when | ||
// the language evolves new features to existing intrinsics. | ||
if (!known) { | ||
warn(`Removing ${subPath}`); | ||
} | ||
try { | ||
delete obj[prop]; | ||
} catch (err) { | ||
if (objectHasOwnProperty(obj, prop)) { | ||
if (typeof obj === 'function' && prop === 'prototype') { | ||
obj.prototype = undefined; | ||
if (obj.prototype === undefined) { | ||
warn(`Tolerating undeletable ${subPath} === undefined`); | ||
return; | ||
} | ||
} | ||
error(`failed to delete ${subPath}`, err); | ||
} else { | ||
error(`deleting ${subPath} threw`, err); | ||
} | ||
throw err; | ||
} | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
packages/ses/test/tolerate-empty-prototype-toplevel.test.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/* global globalThis */ | ||
import test from 'ava'; | ||
import '../index.js'; | ||
|
||
// See https://github.com/zloirock/core-js/issues/1092 | ||
// See https://github.com/endojs/endo/issues/2598 | ||
const originalEscape = globalThis.escape; | ||
globalThis.escape = function escape(...args) { | ||
return Reflect.apply(originalEscape, this, args); | ||
}; | ||
|
||
lockdown(); | ||
|
||
test('tolerate empty escape.prototype', t => { | ||
t.is(globalThis.escape, escape); | ||
t.assert('prototype' in escape); | ||
t.is(escape.prototype, undefined); | ||
t.deepEqual(Object.getOwnPropertyDescriptor(escape, 'prototype'), { | ||
value: undefined, | ||
writable: !!harden.isFake, | ||
enumerable: false, | ||
configurable: false, | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters