From b2cd254c35b6b1b128beea0eacdb8e814d91e003 Mon Sep 17 00:00:00 2001 From: Kenta Moriuchi Date: Thu, 4 Jan 2024 13:12:38 +0900 Subject: fix: strict type check for cross realms (#21669) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Deno v1.39 introduces `vm.runInNewContext`. This may cause problems when using `Object.prototype.isPrototypeOf` to check built-in types. ```js import vm from "node:vm"; const err = new Error(); const crossErr = vm.runInNewContext(`new Error()`); console.assert( !(crossErr instanceof Error) ); console.assert( Object.getPrototypeOf(err) !== Object.getPrototypeOf(crossErr) ); ``` This PR changes to check using internal slots solves them. --- current: ``` > import vm from "node:vm"; undefined > vm.runInNewContext(`new Error("message")`) Error {} > vm.runInNewContext(`new Date("2018-12-10T02:26:59.002Z")`) Date {} ``` this PR: ``` > import vm from "node:vm"; undefined > vm.runInNewContext(`new Error("message")`) Error: message at :1:1 > vm.runInNewContext(`new Date("2018-12-10T02:26:59.002Z")`) 2018-12-10T02:26:59.002Z ``` --------- Co-authored-by: Bartek IwaƄczuk --- ext/fetch/22_body.js | 15 ++++++--------- ext/fetch/26_fetch.js | 4 ++-- ext/fetch/27_eventsource.js | 2 +- 3 files changed, 9 insertions(+), 12 deletions(-) (limited to 'ext/fetch') diff --git a/ext/fetch/22_body.js b/ext/fetch/22_body.js index b10540883..2d633ae39 100644 --- a/ext/fetch/22_body.js +++ b/ext/fetch/22_body.js @@ -37,7 +37,6 @@ import { readableStreamThrowIfErrored, } from "ext:deno_web/06_streams.js"; const { - ArrayBufferPrototype, ArrayBufferIsView, ArrayPrototypeMap, DataViewPrototypeGetBuffer, @@ -46,8 +45,6 @@ const { JSONParse, ObjectDefineProperties, ObjectPrototypeIsPrototypeOf, - // TODO(lucacasonato): add SharedArrayBuffer to primordials - // SharedArrayBufferPrototype TypedArrayPrototypeGetBuffer, TypedArrayPrototypeGetByteLength, TypedArrayPrototypeGetByteOffset, @@ -56,6 +53,10 @@ const { TypeError, Uint8Array, } = primordials; +const { + isAnyArrayBuffer, + isArrayBuffer, +} = core; /** * @param {Uint8Array | string} chunk @@ -412,7 +413,7 @@ function extractBody(object) { ); } source = TypedArrayPrototypeSlice(object); - } else if (ObjectPrototypeIsPrototypeOf(ArrayBufferPrototype, object)) { + } else if (isArrayBuffer(object)) { source = TypedArrayPrototypeSlice(new Uint8Array(object)); } else if (ObjectPrototypeIsPrototypeOf(FormDataPrototype, object)) { const res = formDataToBlob(object); @@ -461,11 +462,7 @@ webidl.converters["BodyInit_DOMString"] = (V, prefix, context, opts) => { return webidl.converters["URLSearchParams"](V, prefix, context, opts); } if (typeof V === "object") { - if ( - ObjectPrototypeIsPrototypeOf(ArrayBufferPrototype, V) || - // deno-lint-ignore prefer-primordials - ObjectPrototypeIsPrototypeOf(SharedArrayBuffer.prototype, V) - ) { + if (isAnyArrayBuffer(V)) { return webidl.converters["ArrayBuffer"](V, prefix, context, opts); } if (ArrayBufferIsView(V)) { diff --git a/ext/fetch/26_fetch.js b/ext/fetch/26_fetch.js index 38605d5c9..b53013e49 100644 --- a/ext/fetch/26_fetch.js +++ b/ext/fetch/26_fetch.js @@ -51,7 +51,7 @@ const { StringPrototypeStartsWith, StringPrototypeToLowerCase, TypeError, - Uint8ArrayPrototype, + TypedArrayPrototypeGetSymbolToStringTag, } = primordials; const REQUEST_BODY_HEADER_NAMES = [ @@ -131,7 +131,7 @@ async function mainFetch(req, recursive, terminator) { const stream = req.body.streamOrStatic; const body = stream.body; - if (ObjectPrototypeIsPrototypeOf(Uint8ArrayPrototype, body)) { + if (TypedArrayPrototypeGetSymbolToStringTag(body) === "Uint8Array") { reqBody = body; } else if (typeof body === "string") { reqBody = core.encode(body); diff --git a/ext/fetch/27_eventsource.js b/ext/fetch/27_eventsource.js index a7f8ba77d..fa1d928e5 100644 --- a/ext/fetch/27_eventsource.js +++ b/ext/fetch/27_eventsource.js @@ -7,7 +7,7 @@ import { core, primordials } from "ext:core/mod.js"; import * as webidl from "ext:deno_webidl/00_webidl.js"; import { createFilteredInspectProxy } from "ext:deno_console/01_console.js"; import { URL } from "ext:deno_url/00_url.js"; -import DOMException from "ext:deno_web/01_dom_exception.js"; +import { DOMException } from "ext:deno_web/01_dom_exception.js"; import { defineEventHandler, EventTarget, -- cgit v1.2.3