Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Eval Rewriting + Scope Fix #668

Merged
merged 2 commits into from
Aug 12, 2021
Merged

Eval Rewriting + Scope Fix #668

merged 2 commits into from
Aug 12, 2021

Conversation

ikreymer
Copy link
Member

Description

An alternate fix to #663 that removes the WB_wombat_ prefix and instead overrides non-top-level with self.eval.
The proxy in wombat.js intercepts eval() on the object and returns a version that has rewriting enabled.

This is possible since:

a = eval
a(...)

and

a.= self.eval
a(...)

are equivalent in that the eval is run in the global scope, but, the latter allows for interception of eval by the object proxy.

Also: wrapping injected let vars in separate anonymous scope, as suggested in webrecorder/wombat#72

Motivation and Context

Provides a fix for #663 and avoids the false positive introduced in #664.
(Note: still small chance of issue if self is redefined, can revisit if real-world examples come up).

Screenshots (if appropriate):

Types of changes

  • Replay fix (fixes a replay specific issue)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added or updated tests to cover my changes.
  • All new and existing tests passed.

@ikreymer
eval fix: instead of rewriting to 'WB_wombat_eval', rewrite to 'self.…
cbd0652 
…eval' for non-top-level eval

the wombat object will handle rewriting the eval arg on 'self.eval'
tighten rewriting for top-level 'eval', add additional tests
part of fix for #663
@ikreymer
rewrite wrap: add extra {, } to avoid collisions, as suggested in web…
e4db25f 
…recorder/wombat#72

eval rewrite: exclude ',eval' as more likely than not causing a false positive, as per #643
update to latest wombat
@ikreymer ikreymer mentioned this pull request Aug 12, 2021
Closed
8 tasks
@ikreymer ikreymer merged commit b28c8f1 into main Aug 12, 2021
@ikreymer ikreymer mentioned this pull request Aug 12, 2021
Closed
ikreymer added a commit to webrecorder/wabac.js that referenced this pull request Aug 13, 2021
@ikreymer
html parsing improvements:
66a8a36 
- more efficient html parsing: ensure parse5 receives buffers upto 256k
- remove extra buffer cache for raw text, instead set parse5 to keep buffers upto 256k instead of 64k
- remove PassThrough stream, just use existing stream directly
- can stream very large html!

js rewriting: eval() improvements
- update eval() regexs to match pywb
- prefix non-top-level eval with 'self.' instead of 'WB_wombat_', consistent with wombat 3.3.0 and webrecorder/pywb#668
- add extra '{', '}' for rewriting JS, as per webrecorder/wombat#72

jsonp rewriting:
- more lenient check for JSONP, use existing regex, remove second contains check

fuzzy matcher:
- different heurstic for status >200 to avoid negative scores

bump wombat to 3.3.0: disable POST-to-get rewriting, now support in Chrome!

bump to 2.8.0-beta.0
@ikreymer ikreymer deleted the eval-fix branch November 10, 2021 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ikreymer