| author | Luca Casonato <hello@lcas.dev> | 2024-05-23 00:03:35 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-23 00:03:35 +0200 |
| commit | 971f09abe486185247e1faf4e8d1419ba2506b8d (patch) | |
| tree | 3ed0cf608116ad06e88a87552333e930824cc790 /ext/fetch/20_headers.js | |
| parent | 6c167c64d61ecfc912dc1b68d300f02aa3677235 (diff) | |
fix(runtime): use more null proto objects (#23921)
This is a primordialization effort to improve resistance against users
tampering with the global `Object` prototype.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Diffstat (limited to 'ext/fetch/20_headers.js')
| -rw-r--r-- | ext/fetch/20_headers.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/fetch/20_headers.js b/ext/fetch/20_headers.js
index 3ee9d9184..1690d9f7d 100644
--- a/ext/fetch/20_headers.js
+++ b/ext/fetch/20_headers.js
@@ -100,7 +100,7 @@ function checkForInvalidValueChars(value) {
 return true;
 }
-let HEADER_NAME_CACHE = {};
+let HEADER_NAME_CACHE = { __proto__: null };
 let HEADER_CACHE_SIZE = 0;
 const HEADER_NAME_CACHE_SIZE_BOUNDARY = 4096;
 function checkHeaderNameForHttpTokenCodePoint(name) {
@@ -112,7 +112,7 @@ function checkHeaderNameForHttpTokenCodePoint(name) {
 const valid = RegExpPrototypeTest(HTTP_TOKEN_CODE_POINT_RE, name);
 if (HEADER_CACHE_SIZE > HEADER_NAME_CACHE_SIZE_BOUNDARY) {
- HEADER_NAME_CACHE = {};
+ HEADER_NAME_CACHE = { __proto__: null };
 HEADER_CACHE_SIZE = 0;
 }
 HEADER_CACHE_SIZE++;
@@ -241,7 +241,7 @@ class Headers {
 // The order of steps are not similar to the ones suggested by the
 // spec but produce the same result.
- const seenHeaders = {};
+ const seenHeaders = { __proto__: null };
 const entries = [];
 for (let i = 0; i < list.length; ++i) {
 const entry = list[i]; |
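Review bot: The null-prototype literal for `HEADER_NAME_CACHE` now appears twice, at the declaration in this hunk and at the reset inside `checkHeaderNameForHttpTokenCodePoint` in the next one, and neither site has a comment saying why it matters. If the cache is keyed by the caller-supplied header name, as the function's purpose suggests (the lookup and store are outside the visible hunks), a later edit that resets it to a plain `{}` would quietly bring back lookups that can resolve to `Object.prototype` members such as `constructor`. I would add `// Null prototype: keys are header names from callers, so lookups must never reach Object.prototype.` above the declaration. A small helper that returns a fresh `{ __proto__: null }` for both sites would keep them from drifting apart.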
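Review bot: `seenHeaders` gets a null prototype without a comment, and this is the one site in the file where the change looks like more than hardening. Assuming the loop below uses it as a name-to-entry lookup for merging repeated headers (the rest of the loop and the method are outside the hunk), a plain `{}` would return an inherited member for a header literally named `constructor` or `__proto__` even when `Object.prototype` is untouched. A comment such as `// Null prototype so header names like "constructor" are not mistaken for already-seen entries.` would record that intent. A test that iterates a `Headers` built with those names would pin the behaviour; the diffstat shown is limited to this file, so I cannot tell whether one was added.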
