mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 10:59:27 +00:00
2e2dc99115
In a previous commit, the loader implementation was modified to be protected against most prototype pollution, but was kept vulnerable to `Array.prototype` pollution. This commit fixes that, the tradeoff is that it modifies the `ESMLoader.prototype.import` return type from an `Array` to an array-like object. Refs: https://github.com/nodejs/node/pull/45044 PR-URL: https://github.com/nodejs/node/pull/45175 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
13 lines
292 B
JavaScript
13 lines
292 B
JavaScript
'use strict';
|
|
|
|
const { mustNotCall, mustCall } = require('../common');
|
|
|
|
Object.defineProperties(Object.prototype, {
|
|
then: {
|
|
set: mustNotCall('set %Object.prototype%.then'),
|
|
get: mustNotCall('get %Object.prototype%.then'),
|
|
},
|
|
});
|
|
|
|
import('data:text/javascript,').then(mustCall());
|