diff options
| author | David Sherret <dsherret@users.noreply.github.com> | 2023-11-25 11:41:21 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-25 11:41:21 -0500 |
| commit | a4ec7dfae01485290af91c62c1ce17a742dcb104 (patch) | |
| tree | ac5f66523e5151b56e10304026ba096871fbb825 /runtime/js | |
| parent | 00e4c47890e9b5d95557b06f2048d14a79de8401 (diff) | |
feat(unstable): --unstable-unsafe-proto (#21313)
Closes https://github.com/denoland/deno/issues/21276
Diffstat (limited to 'runtime/js')
| -rw-r--r-- | runtime/js/90_deno_ns.js | 2 | ||||
| -rw-r--r-- | runtime/js/99_main.js | 18 |
2 files changed, 16 insertions, 4 deletions
diff --git a/runtime/js/90_deno_ns.js b/runtime/js/90_deno_ns.js index ab2a5c308..bd664d2ea 100644 --- a/runtime/js/90_deno_ns.js +++ b/runtime/js/90_deno_ns.js @@ -208,6 +208,8 @@ const denoNsUnstableById = { 8: { cron: cron.cron, }, + // Unsafe proto + // 9: {}, }; // when editing this list, also update unstableDenoProps in cli/tsc/99_main_compiler.js diff --git a/runtime/js/99_main.js b/runtime/js/99_main.js index 1af2585a5..67667427f 100644 --- a/runtime/js/99_main.js +++ b/runtime/js/99_main.js @@ -1,9 +1,5 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. -// Removes the `__proto__` for security reasons. -// https://tc39.es/ecma262/#sec-get-object.prototype.__proto__ -delete Object.prototype.__proto__; - // Remove Intl.v8BreakIterator because it is a non-standard API. delete Intl.v8BreakIterator; @@ -14,6 +10,7 @@ const primordials = globalThis.__bootstrap.primordials; const { ArrayPrototypeFilter, ArrayPrototypeIndexOf, + ArrayPrototypeIncludes, ArrayPrototypeMap, ArrayPrototypePush, ArrayPrototypeShift, @@ -570,6 +567,12 @@ function bootstrapMainRuntime(runtimeOptions) { } } + if (!ArrayPrototypeIncludes(unstableFeatures, /* unsafe-proto */ 9)) { + // Removes the `__proto__` for security reasons. + // https://tc39.es/ecma262/#sec-get-object.prototype.__proto__ + delete Object.prototype.__proto__; + } + // Setup `Deno` global - we're actually overriding already existing global // `Deno` with `Deno` namespace from "./deno.ts". ObjectDefineProperty(globalThis, "Deno", util.readOnly(finalDenoNs)); @@ -668,6 +671,13 @@ function bootstrapWorkerRuntime( ObjectAssign(finalDenoNs, denoNsUnstableById[id]); } } + + if (!ArrayPrototypeIncludes(unstableFeatures, /* unsafe-proto */ 9)) { + // Removes the `__proto__` for security reasons. + // https://tc39.es/ecma262/#sec-get-object.prototype.__proto__ + delete Object.prototype.__proto__; + } + ObjectDefineProperties(finalDenoNs, { pid: util.getterOnly(opPid), noColor: util.getterOnly(() => ops.op_bootstrap_no_color()), |