-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
console: prevent constructing console methods #26096
Conversation
Can you add a test? Lines 278 to 279 in de2bdfb
|
Sure.
It's mentioned in the PR description: "It prevents constructing methods of console instance, except for the global console". Please read the relevant discussion in #25987. I will open separate PR for |
Sorry for not reading the PR description carefully *_*
https://github.com/Hakerh400/node/commit/f084076963c7cdb0dbdcf8ad281c557021f50fc1 affects many other things because the behavior change is done in |
Thanks. Applied the suggestion & added a test. |
src/inspector_js_api.cc
Outdated
const v8::NewStringType type = v8::NewStringType::kInternalized; | ||
v8::Local<v8::String> name_string = | ||
v8::String::NewFromUtf8(env->isolate(), "consoleCall", type) | ||
.ToLocalChecked(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could probably use FIXED_ONE_BYTE_STRING
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe an env.h string?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added FIXED_ONE_BYTE_STRING
for consistency with conn_str
from inspector::Initialize
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with a nit
lib/internal/console/constructor.js
Outdated
}; | ||
|
||
for (const method of Reflect.ownKeys(consoleMethods)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you put this near the end of the file and keep most of the implementation closer to where they used to be to preserve more git blame history?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added two new lines to align some diffs. All methods are in the same order as before, but console.table
pretty much destroys the rest. Not sure if that is fixable.
Rebased and resolved the conflict that has just appeared. |
@Hakerh400 There wasn’t much activity here because we had a security release being prepared, meaning that e.g. CI only had limited availability. |
Landed in e9ed6b9, thanks for the PR! 🎉 |
Ref: #25987 PR-URL: #26096 Refs: #25987 Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Gabriel Schulhof <[email protected]>
Should this be backported to |
To whom the question is directed? If the general opinion is biased towards backporting, I'll open PR. |
Ref: #25987 PR-URL: #26096 Refs: #25987 Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Gabriel Schulhof <[email protected]>
I backported this directly to the staging branch. |
@Hakerh400 most of the time the person who originally opened the PR is also the best to backport it and to judge if it makes sense to backport something. But anybody could come along and just do that, so it's a generic question about how people feel about backporting something. |
Ref: #25987
This PR defined all console methods (except the ones intended for internal use) as methods rather than constructible functions. It prevents constructing methods of console instance, except for the global console (opened as separate PR as per #25987 (comment)).
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes