-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
events: don't inherit from Object.prototype #6092
Conversation
8680b06
to
2cec8a1
Compare
Also, there is no performance regression with this change 💃 |
Can we make use of the test changes in #2350? |
@thefourtheye The included tests should cover it I think |
@mscdex will this have any affect on |
@evanlucas it makes sense to simply call |
2cec8a1
to
3711c52
Compare
@evanlucas Fixed. CI again: https://ci.nodejs.org/job/node-test-pull-request/2196/ |
LGTM |
process->Set(env->events_string(), Object::New(env->isolate())); | ||
Local<Object> events_obj = Object::New(env->isolate()); | ||
events_obj->SetPrototype(env->context(), Null(env->isolate())); | ||
process->Set(env->events_string(), events_obj); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this process._events
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes.
Hmmm, can this be back-ported? Theoretically, this could be considered a security issue for unvalidated input. |
@Fishrock123 It's definitely a semver-major change, but I don't recall how that plays out with backporting/LTS/etc. |
I don't believe back porting would be possible to v4. It might be safe to get into v5 tho. |
LGTM |
CI is green except for a flaky test and citgm is green. |
CI again one last time: https://ci.nodejs.org/job/node-test-pull-request/2305/ |
Still LGTM |
This commit safely allows event names that are named the same as properties that are ordinarily inherited from Object.prototype such as __proto__. Fixes: nodejs#728 PR-URL: nodejs#6092 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com>
3711c52
to
e38bade
Compare
iirc usually we don't care about warnings |
Typically, but it's nice to avoid them when possible to do so, no? |
I guess, just consider though, that there are tons of warnings of the same and there isn't necessarily easy ways to avoid it. |
This patch fixes the warning introduced by the changes in e38bade. Ref: nodejs#6092
This commit safely allows event names that are named the same as properties that are ordinarily inherited from Object.prototype such as __proto__. Fixes: nodejs#728 PR-URL: nodejs#6092 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This patch fixes the warning introduced by the changes in e38bade. Ref: nodejs#6092 PR-URL: nodejs#6276 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net>
Checklist
Affected core subsystem(s)
Description of change
This commit safely allows event names that are named the same as properties that are ordinarily inherited from
Object.prototype
such as__proto__
.Fixes: #728