Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity
2eeb4e1d94
node/lib
History
Antoine du Hamel 2eeb4e1d94
lib: make primordials Promise methods safe 
`catch` and `finally` methods on %Promise.prototype% looks up the `then`
property of the instance, making it at risk of prototype pollution.

PR-URL: https://github.com/nodejs/node/pull/38650
Refs: https://tc39.es/ecma262/#sec-promise.prototype.catch
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2021-05-19 09:21:37 -07:00
..
assert
dns
fs
internal lib: make primordials Promise methods safe 2021-05-19 09:21:37 -07:00
path
stream stream: move duplicated code to an internal module 2021-02-28 05:07:26 -08:00
timers lib: make primordials Promise methods safe 2021-05-19 09:21:37 -07:00
util
_http_agent.js http: refactor to avoid unsafe array iteration 2021-03-13 10:39:07 +01:00
_http_client.js http: refactor to remove redundant argument of _deferToConnect 2021-05-14 14:43:33 +02:00
_http_common.js lib: revert primordials in a hot path 2021-04-19 10:23:01 +02:00
_http_incoming.js lib: revert primordials in a hot path 2021-04-19 10:23:01 +02:00
_http_outgoing.js lib: revert primordials in a hot path 2021-04-19 10:23:01 +02:00
_http_server.js lib: revert primordials in a hot path 2021-04-19 10:23:01 +02:00
_stream_duplex.js stream: do not use _stream_* anymore 2021-01-05 19:02:04 +01:00
_stream_passthrough.js stream: do not use _stream_* anymore 2021-01-05 19:02:04 +01:00
_stream_readable.js stream: do not use _stream_* anymore 2021-01-05 19:02:04 +01:00
_stream_transform.js stream: do not use _stream_* anymore 2021-01-05 19:02:04 +01:00
_stream_wrap.js
_stream_writable.js stream: do not use _stream_* anymore 2021-01-05 19:02:04 +01:00
_tls_common.js tls: extract out SecureContext configuration 2021-04-12 08:39:16 -07:00
_tls_wrap.js tls: validate ticket keys buffer 2021-04-23 13:18:38 +02:00
.eslintrc.yaml lib: harden lint checks for globals 2021-04-28 13:13:23 -07:00
assert.js typings: add JSDoc typings for assert 2021-04-15 16:43:21 +02:00
async_hooks.js async_hooks: refactor to avoid unsafe array iteration 2021-02-01 16:16:38 +01:00
buffer.js buffer: remove TODOs in atob / btoa 2021-05-09 09:11:38 +02:00
child_process.js child_process: remove unused argument 2021-03-28 07:55:57 -07:00
cluster.js lib,src: update cluster to use Parent 2021-01-05 15:41:45 -05:00
console.js
constants.js
crypto.js crypto: make FIPS related options always awailable 2021-02-25 18:12:58 -05:00
dgram.js dgram: extract cluster lazy loading method to make it testable 2021-05-09 09:16:22 +02:00
diagnostics_channel.js lib: refactor to use validateFunction 2021-01-27 20:46:54 +02:00
dns.js lib: refactor to use validateString 2021-01-22 19:56:34 -08:00
domain.js lib: change wording in lib/domain.js comment 2021-04-01 13:12:48 -07:00
events.js events: use nullish coalencing operator 2021-05-17 12:26:29 -07:00
fs.js src: fix validation of negative offset to avoid abort 2021-04-28 11:04:42 -07:00
http2.js
http.js typings: add JSDoc typings for http 2021-04-16 07:47:46 +02:00
https.js lib: remove usage of url.parse 2021-02-11 19:30:28 +05:30
inspector.js lib: refactor to use validateObject 2021-01-28 12:53:50 +01:00
module.js
net.js lib: revert primordials in a hot path 2021-04-19 10:23:01 +02:00
os.js lib: fix and improve os typings 2021-04-26 11:54:15 -07:00
path.js path: inline conditions 2021-05-12 07:26:22 -07:00
perf_hooks.js perf_hooks: add toJSON to performance class 2021-04-30 13:28:27 -07:00
process.js
punycode.js punycode: add pending deprecation 2021-04-30 10:59:28 -07:00
querystring.js typings: add JSDoc Types to lib/querystring 2021-04-18 11:00:28 +02:00
readline.js typings: add JSDoc typings for readline 2021-05-04 14:54:52 -07:00
repl.js repl: fix Ctrl+C on top level await 2021-05-15 21:47:55 +02:00
stream.js
string_decoder.js
sys.js
timers.js Revert "timers: refactor to use optional chaining" 2021-04-19 23:34:15 +01:00
tls.js tls: extract out SecureContext configuration 2021-04-12 08:39:16 -07:00
trace_events.js lib: refactor to use validateObject 2021-01-28 12:53:50 +01:00
tty.js tty: validate file descriptor to avoid int32 overflow 2021-03-23 11:02:03 +01:00
url.js url: forbid certain confusable changes from being introduced by toASCII 2021-05-13 23:04:23 -07:00
util.js typings: add JSDoc typings for util 2021-04-24 11:56:42 +02:00
v8.js bootstrap: include v8 module into the builtin snapshot 2021-02-19 19:08:07 +08:00
vm.js vm: add importModuleDynamically option to compileFunction 2021-02-05 09:16:33 -06:00
wasi.js wasi: refactor to avoid unsafe array iteration 2021-01-06 11:34:02 +01:00
worker_threads.js worker: add setEnvironmentData/getEnvironmentData 2021-03-15 07:40:26 -07:00
zlib.js zlib: fix brotli flush range 2021-05-01 16:41:37 -07:00