diff options
| author | Luca Casonato <hello@lcas.dev> | 2024-05-23 00:03:35 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-23 00:03:35 +0200 |
| commit | 971f09abe486185247e1faf4e8d1419ba2506b8d (patch) | |
| tree | 3ed0cf608116ad06e88a87552333e930824cc790 /ext/webidl/00_webidl.js | |
| parent | 6c167c64d61ecfc912dc1b68d300f02aa3677235 (diff) | |
fix(runtime): use more null proto objects (#23921)
This is a primordialization effort to improve resistance against users
tampering with the global `Object` prototype.
---------
Co-authored-by: Bartek IwaĆczuk <biwanczuk@gmail.com>
Diffstat (limited to 'ext/webidl/00_webidl.js')
| -rw-r--r-- | ext/webidl/00_webidl.js | 63 |
1 files changed, 49 insertions, 14 deletions
diff --git a/ext/webidl/00_webidl.js b/ext/webidl/00_webidl.js index 6bf6714c6..9ea2200f3 100644 --- a/ext/webidl/00_webidl.js +++ b/ext/webidl/00_webidl.js @@ -192,7 +192,12 @@ function createIntegerConversion(bitLength, typeOpts) { const twoToTheBitLength = MathPow(2, bitLength); const twoToOneLessThanTheBitLength = MathPow(2, bitLength - 1); - return (V, prefix = undefined, context = undefined, opts = {}) => { + return ( + V, + prefix = undefined, + context = undefined, + opts = { __proto__: null }, + ) => { let x = toNumber(V); x = censorNegativeZero(x); @@ -251,7 +256,12 @@ function createLongLongConversion(bitLength, { unsigned }) { const lowerBound = unsigned ? 0 : NumberMIN_SAFE_INTEGER; const asBigIntN = unsigned ? BigIntAsUintN : BigIntAsIntN; - return (V, prefix = undefined, context = undefined, opts = {}) => { + return ( + V, + prefix = undefined, + context = undefined, + opts = { __proto__: null }, + ) => { let x = toNumber(V); x = censorNegativeZero(x); @@ -386,7 +396,12 @@ converters["unrestricted double"] = (V, _prefix, _context, _opts) => { return x; }; -converters.DOMString = function (V, prefix, context, opts = {}) { +converters.DOMString = function ( + V, + prefix, + context, + opts = { __proto__: null }, +) { if (typeof V === "string") { return V; } else if (V === null && opts.treatNullAsEmptyString) { @@ -464,7 +479,7 @@ converters.ArrayBuffer = ( V, prefix = undefined, context = undefined, - opts = {}, + opts = { __proto__: null }, ) => { if (!isArrayBuffer(V)) { if (opts.allowShared && !isSharedArrayBuffer(V)) { @@ -490,7 +505,7 @@ converters.DataView = ( V, prefix = undefined, context = undefined, - opts = {}, + opts = { __proto__: null }, ) => { if (!isDataView(V)) { throw makeException( @@ -539,7 +554,7 @@ ArrayPrototypeForEach( V, prefix = undefined, context = undefined, - opts = {}, + opts = { __proto__: null }, ) => { if (TypedArrayPrototypeGetSymbolToStringTag(V) !== name) { throw makeException( @@ -572,7 +587,7 @@ converters.ArrayBufferView = ( V, prefix = undefined, context = undefined, - opts = {}, + opts = { __proto__: null }, ) => { if (!ArrayBufferIsView(V)) { throw makeException( @@ -604,7 +619,7 @@ converters.BufferSource = ( V, prefix = undefined, context = undefined, - opts = {}, + opts = { __proto__: null }, ) => { if (ArrayBufferIsView(V)) { let buffer; @@ -722,7 +737,7 @@ function createDictionaryConverter(name, ...dictionaries) { return a.key < b.key ? -1 : 1; }); - const defaultValues = {}; + const defaultValues = { __proto__: null }; for (let i = 0; i < allMembers.length; ++i) { const member = allMembers[i]; if (ReflectHas(member, "defaultValue")) { @@ -747,7 +762,12 @@ function createDictionaryConverter(name, ...dictionaries) { } } - return function (V, prefix = undefined, context = undefined, opts = {}) { + return function ( + V, + prefix = undefined, + context = undefined, + opts = { __proto__: null }, + ) { const typeV = type(V); switch (typeV) { case "Undefined": @@ -812,7 +832,12 @@ function createDictionaryConverter(name, ...dictionaries) { function createEnumConverter(name, values) { const E = new SafeSet(values); - return function (V, prefix = undefined, _context = undefined, _opts = {}) { + return function ( + V, + prefix = undefined, + _context = undefined, + _opts = { __proto__: null }, + ) { const S = String(V); if (!E.has(S)) { @@ -828,7 +853,12 @@ function createEnumConverter(name, values) { } function createNullableConverter(converter) { - return (V, prefix = undefined, context = undefined, opts = {}) => { + return ( + V, + prefix = undefined, + context = undefined, + opts = { __proto__: null }, + ) => { // FIXME: If Type(V) is not Object, and the conversion to an IDL value is // being performed due to V being assigned to an attribute whose type is a // nullable callback function that is annotated with @@ -842,7 +872,12 @@ function createNullableConverter(converter) { // https://heycam.github.io/webidl/#es-sequence function createSequenceConverter(converter) { - return function (V, prefix = undefined, context = undefined, opts = {}) { + return function ( + V, + prefix = undefined, + context = undefined, + opts = { __proto__: null }, + ) { if (type(V) !== "Object") { throw makeException( TypeError, @@ -894,7 +929,7 @@ function createRecordConverter(keyConverter, valueConverter) { context, ); } - const result = {}; + const result = { __proto__: null }; // Fast path for common case (not a Proxy) if (!core.isProxy(V)) { for (const key in V) { |