From 971f09abe486185247e1faf4e8d1419ba2506b8d Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Thu, 23 May 2024 00:03:35 +0200
Subject: fix(runtime): use more null proto objects (#23921)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a primordialization effort to improve resistance against users
tampering with the global `Object` prototype.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
---
 runtime/js/11_workers.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'runtime/js/11_workers.js')

diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js
index 5d24df93d..385376192 100644
--- a/runtime/js/11_workers.js
+++ b/runtime/js/11_workers.js
@@ -91,7 +91,7 @@ class Worker extends EventTarget {
   // still be messages left to receive.
   #status = "RUNNING";
 
-  constructor(specifier, options = {}) {
+  constructor(specifier, options = { __proto__: null }) {
     super();
     specifier = String(specifier);
     const {
@@ -254,7 +254,7 @@ class Worker extends EventTarget {
     }
   };
 
-  postMessage(message, transferOrOptions = {}) {
+  postMessage(message, transferOrOptions = { __proto__: null }) {
     const prefix = "Failed to execute 'postMessage' on 'MessagePort'";
     webidl.requiredArguments(arguments.length, 1, prefix);
     message = webidl.converters.any(message);
-- 
cgit v1.2.3