From d400b04df6c94dc590b59f13f464c80f32377489 Mon Sep 17 00:00:00 2001 From: LeoTM <1881059+leotm@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:47:31 +0000 Subject: [PATCH 1/3] fix(ses): removeUnpermittedIntrinsics on Hermes --- packages/ses/src/cauterize-property.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/packages/ses/src/cauterize-property.js b/packages/ses/src/cauterize-property.js index b7bd4929a4..0b2eac54ac 100644 --- a/packages/ses/src/cauterize-property.js +++ b/packages/ses/src/cauterize-property.js @@ -23,6 +23,9 @@ import { objectHasOwnProperty } from './commons.js'; * an undeletable `.prototype` property. In these cases, if we can * set the value of that bogus `.prototype` property to `undefined`, * we do so, issuing a warning, rather than failing to initialize ses. + * Finally we also tolerate functions with undeletable `.caller` and + * `.arguments` properties to conclude removing unpermitted intrinsics + * on Hermes. * * @param {object} obj * @param {PropertyKey} prop @@ -60,6 +63,13 @@ export const cauterizeProperty = ( return; } } + if ( + typeof obj === 'function' && + (prop === 'caller' || prop === 'arguments') + ) { + warn(`Tolerating undeletable ${subPath}`); + return; + } error(`failed to delete ${subPath}`, err); } else { error(`deleting ${subPath} threw`, err); From 3ef249fdec29f07b089b1671ad6dec77b5423881 Mon Sep 17 00:00:00 2001 From: LeoTM <1881059+leotm@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:24:43 +0000 Subject: [PATCH 2/3] Revert "fix(ses): removeUnpermittedIntrinsics on Hermes" This reverts commit d400b04df6c94dc590b59f13f464c80f32377489. --- packages/ses/src/cauterize-property.js | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/packages/ses/src/cauterize-property.js b/packages/ses/src/cauterize-property.js index 0b2eac54ac..b7bd4929a4 100644 --- a/packages/ses/src/cauterize-property.js +++ b/packages/ses/src/cauterize-property.js @@ -23,9 +23,6 @@ import { objectHasOwnProperty } from './commons.js'; * an undeletable `.prototype` property. In these cases, if we can * set the value of that bogus `.prototype` property to `undefined`, * we do so, issuing a warning, rather than failing to initialize ses. - * Finally we also tolerate functions with undeletable `.caller` and - * `.arguments` properties to conclude removing unpermitted intrinsics - * on Hermes. * * @param {object} obj * @param {PropertyKey} prop @@ -63,13 +60,6 @@ export const cauterizeProperty = ( return; } } - if ( - typeof obj === 'function' && - (prop === 'caller' || prop === 'arguments') - ) { - warn(`Tolerating undeletable ${subPath}`); - return; - } error(`failed to delete ${subPath}`, err); } else { error(`deleting ${subPath} threw`, err); From 49f0f41d5d57c5080e4d78a0d1670f6667ab7a31 Mon Sep 17 00:00:00 2001 From: LeoTM <1881059+leotm@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:28:36 +0000 Subject: [PATCH 3/3] fix(ses): removeUnpermittedIntrinsics on Hermes --- packages/ses/src/permits.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/ses/src/permits.js b/packages/ses/src/permits.js index c5745903ee..13432ad689 100644 --- a/packages/ses/src/permits.js +++ b/packages/ses/src/permits.js @@ -1,7 +1,7 @@ /* eslint-disable no-restricted-globals */ /* eslint max-lines: 0 */ -import { arrayPush } from './commons.js'; +import { arrayPush, getOwnPropertyNames, arrayForEach } from './commons.js'; /** @import {GenericErrorConstructor} from '../types.js' */ @@ -299,6 +299,22 @@ const accessor = { set: fn, }; +// eslint-disable-next-line func-names +const strict = function () { + 'use strict'; +}; + +arrayForEach(getOwnPropertyNames(strict), prop => { + try { + strict[prop]; + } catch (e) { + // https://github.com/facebook/hermes/blob/main/test/hermes/function-non-strict.js + if (e.message === 'Restricted in strict mode') { + FunctionInstance[prop] = accessor; + } + } +}); + export const isAccessorPermit = permit => { return permit === getter || permit === accessor; };