diff options
| author | Nayeem Rahman <nayeemrmn99@gmail.com> | 2021-01-07 10:52:30 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-07 05:52:30 -0500 |
| commit | b5f1d257a3fb816dbf828da3dca0389e6cee2bb0 (patch) | |
| tree | 752dc204793d4389bbc4e886b0dbd68e2cc24029 | |
| parent | cb658f5ce588dfac4826a5ce4d343738759c0c84 (diff) | |
fix: Use "none" instead of false to sandbox Workers (#9034)
| -rw-r--r-- | cli/dts/lib.deno.shared_globals.d.ts | 15 | ||||
| -rw-r--r-- | cli/tests/workers_test.ts | 2 | ||||
| -rw-r--r-- | docs/runtime/workers.md | 2 | ||||
| -rw-r--r-- | runtime/js/11_workers.js | 4 |
4 files changed, 11 insertions, 12 deletions
diff --git a/cli/dts/lib.deno.shared_globals.d.ts b/cli/dts/lib.deno.shared_globals.d.ts index 74abbc95b..d3061eee0 100644 --- a/cli/dts/lib.deno.shared_globals.d.ts +++ b/cli/dts/lib.deno.shared_globals.d.ts @@ -666,7 +666,7 @@ declare class Worker extends EventTarget { * * Set deno.namespace to `true` to make `Deno` namespace and all of its methods * available to worker thread. The namespace is disabled by default. - * + * * Configure deno.permissions options to change the level of access the worker will * have. By default it will inherit the permissions of its parent thread. The permissions * of a worker can't be extended beyond its parent's permissions reach. @@ -718,17 +718,16 @@ declare class Worker extends EventTarget { */ // TODO(Soremwar) // `deno: true` is kept for backwards compatibility with the previous worker - // options implementation. Remove for 2.0 + // options implementation. Remove for 2.0. deno?: true | { namespace?: boolean; - /** Set to false to disable all the permissions in the worker */ - permissions?: "inherit" | false | { + /** Set to `"none"` to disable all the permissions in the worker. */ + permissions?: "inherit" | "none" | { env?: "inherit" | boolean; hrtime?: "inherit" | boolean; - /** - * The format of the net access list must be `hostname[:port]` - * in order to be resolved - * + /** The format of the net access list must be `hostname[:port]` + * in order to be resolved. + * * ``` * net: ["https://deno.land", "localhost:8080"], * ``` diff --git a/cli/tests/workers_test.ts b/cli/tests/workers_test.ts index 2dfc7e26b..c35ea72f5 100644 --- a/cli/tests/workers_test.ts +++ b/cli/tests/workers_test.ts @@ -600,7 +600,7 @@ Deno.test("Worker with disabled permissions", async function () { type: "module", deno: { namespace: true, - permissions: false, + permissions: "none", }, }, ); diff --git a/docs/runtime/workers.md b/docs/runtime/workers.md index caed638b0..14e028705 100644 --- a/docs/runtime/workers.md +++ b/docs/runtime/workers.md @@ -241,7 +241,7 @@ the `deno.permissions` option in the worker API. type: "module", deno: { namespace: true, - permissions: false, + permissions: "none", }, }); ``` diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js index db0bbc3c7..4989cd4b5 100644 --- a/runtime/js/11_workers.js +++ b/runtime/js/11_workers.js @@ -152,9 +152,9 @@ : deno?.permissions, }; - // If the permission option is set to false, all permissions + // If the permission option is set to "none", all permissions // must be removed from the worker - if (workerDenoAttributes.permissions === false) { + if (workerDenoAttributes.permissions === "none") { workerDenoAttributes.permissions = { env: false, hrtime: false, |