fix(runtime): use more null proto objects (#23921)

This is a primordialization effort to improve resistance against users tampering with the global `Object` prototype. --------- Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
author: Luca Casonato <hello@lcas.dev> 2024-05-23 00:03:35 +0200
committer: GitHub <noreply@github.com> 2024-05-23 00:03:35 +0200
commit: 971f09abe486185247e1faf4e8d1419ba2506b8d (patch)
tree: 3ed0cf608116ad06e88a87552333e930824cc790 /cli/js
parent: 6c167c64d61ecfc912dc1b68d300f02aa3677235 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/cli/js/40_jupyter.js b/cli/js/40_jupyter.js
index 9fab1c414..0e0a4d7ac 100644
--- a/cli/js/40_jupyter.js
+++ b/cli/js/40_jupyter.js
@@ -342,7 +342,7 @@ function enableJupyter() {
   async function broadcast(
     msgType,
     content,
-    { metadata = {}, buffers = [] } = {},
+    { metadata = { __proto__: null }, buffers = [] } = { __proto__: null },
   ) {
     await op_jupyter_broadcast(msgType, content, metadata, buffers);
   }
@@ -400,7 +400,7 @@ function enableJupyter() {
     if (options.update) {
       messageType = "update_display_data";
     }
-    let transient = {};
+    let transient = { __proto__: null };
     if (options.display_id) {
       transient = { display_id: options.display_id };
     }
diff --git a/cli/js/40_test.js b/cli/js/40_test.js
index d93228940..2877bfa9b 100644
--- a/cli/js/40_test.js
+++ b/cli/js/40_test.js
@@ -196,7 +196,7 @@ function testInner(
   nameOrFnOrOptions,
   optionsOrFn,
   maybeFn,
-  overrides = {},
+  overrides = { __proto__: null },
 ) {
   // No-op if we're not running in `deno test` subcommand.
   if (typeof op_register_test !== "function") {
author	Luca Casonato <hello@lcas.dev>	2024-05-23 00:03:35 +0200
committer	GitHub <noreply@github.com>	2024-05-23 00:03:35 +0200
commit	971f09abe486185247e1faf4e8d1419ba2506b8d (patch)
tree	3ed0cf608116ad06e88a87552333e930824cc790 /cli/js
parent	6c167c64d61ecfc912dc1b68d300f02aa3677235 (diff)