vndb/mithril-vndb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid triggering Object.prototype.__proto__ with keys (#2251)

Browse source 
This way, the diff algorithm works with untrusted keys.
This commit is contained in:
Isiah Meadows 2018-10-15 15:09:55 -04:00 committed by GitHub
parent d2ca44b693
commit 88b17c1c60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

17
render/tests/test-updateNodes.js
View file

@ -264,6 +264,21 @@ o.spec("updateNodes", function() {
o(updated[2].dom.nodeName).equals("S")
o(updated[2].dom).equals(root.childNodes[2])
})
o("creates, deletes, reverses els at same time with '__proto__' key", function() {
var vnodes = [{tag: "a", key: "__proto__"}, {tag: "i", key: 3}, {tag: "b", key: 2}]
var updated = [{tag: "b", key: 2}, {tag: "a", key: "__proto__"}, {tag: "s", key: 4}]
render(root, vnodes)
render(root, updated)
o(root.childNodes.length).equals(3)
o(updated[0].dom.nodeName).equals("B")
o(updated[0].dom).equals(root.childNodes[0])
o(updated[1].dom.nodeName).equals("A")
o(updated[1].dom).equals(root.childNodes[1])
o(updated[2].dom.nodeName).equals("S")
o(updated[2].dom).equals(root.childNodes[2])
})
o("adds to empty array followed by el", function() {
var vnodes = [{tag: "[", key: 1, children: []}, {tag: "b", key: 2}]
var updated = [{tag: "[", key: 1, children: [{tag: "a"}]}, {tag: "b", key: 2}]
@ -1242,7 +1257,7 @@ o.spec("updateNodes", function() {
o(root.appendChild.callCount + root.insertBefore.callCount).equals(5)
o(tagNames).deepEquals(expectedTagNames)
})
components.forEach(function(cmp){
o.spec(cmp.kind, function(){
var createComponent = cmp.create