Change from 0.10 => 1.2; `enumerable` of `this.escape` in `vm.runInNewContext` was false, now true #864

smikes · 2015-02-17T12:40:42Z

Here's the behavior from node 0.10:

$ node -p 'require("vm").runInNewContext("Object.getOwnPropertyDescriptor(this,\"escape\")", {})'
{ value: [Function: escape],
  writable: true,
  enumerable: false,
  configurable: true }

And in [email protected]:

$ nvm use 1.2
Now using io.js v1.2.0
$ node -p 'require("vm").runInNewContext("Object.getOwnPropertyDescriptor(this,\"escape\")", {})'
{ value: [Function: escape],
  writable: true,
  enumerable: true,
  configurable: true }

Is this an intentional change? Is it documented anywhere? FWIW this is present in node@0.11 as well

The text was updated successfully, but these errors were encountered:

anba · 2015-02-17T13:11:23Z

I guess this is related to https://code.google.com/p/v8/issues/detail?id=3861. GetOwnPropertyNames() is called here.

smikes · 2015-02-17T13:25:14Z

Testing with cloneProperty in the REPL correctly generates an escape with enumerable: false:

> c = require('./cloneProperty')
[Function: cloneProperty]
> s = {}
{}
> c(global, "escape", s)
undefined
> s
{}
> Object.getOwnPropertyDescriptor(s, "escape")
{ value: [Function: escape],
  writable: true,
  enumerable: false,
  configurable: true }

where cloneProperty.js is:

function cloneProperty(source, key, target) {
                if (key === 'Proxy') return;
                try {
                  var desc = Object.getOwnPropertyDescriptor(source, key);
                  if (desc.value === source) desc.value = target;
                  Object.defineProperty(target, key, desc);
                } catch (e) {
                 // Catch sealed properties errors
                }
              }

module.exports = cloneProperty;

bnoordhuis · 2015-02-17T13:53:20Z

I suspect that's caused by the named property interceptor for the global object here.

if (!in_sandbox || !in_proxy_global) {
  args.GetReturnValue().Set(None);
}

Not sure what the best way to fix it is. The interceptor needs to retrieve the actual property attributes somehow without causing infinite recursion.

GlobalPropertyQueryCallback() was returning `None` as attributes for all properties, without regard to actual properties settings. This patch looks up attributes for sandbox-defined properties and returns them. Partial fix for nodejsgh-864 Add test for nodejsgh-864, non-default settings of object properties (e.g., `enumerable: false`) are not visible when object is used as a sandbox

smikes · 2015-02-19T22:39:45Z

@boordhuis - Indeed, getting attributes for properties of the global is tricky. I have a PR (#885) for the sandbox side, which was easy.

I tried something like this:

    Local<Context> context = PersistentToLocal(isolate, ctx->context_);
    attr = context->Global()->GetPropertyAttributes(property);

But that set off an infinite recursion, as you predicted. Any suggestions?

bnoordhuis · 2015-02-19T22:45:58Z

@smikes I commented on that here. It looks like V8 needs to grow some new APIs to fix this issue. I have it on my radar but I'm stretched rather thin at the moment.

bnoordhuis · 2015-02-20T14:01:25Z

https://codereview.chromium.org/942003003/

Add v8::Object::GetRealNamedPropertyAttributes() and v8::Object::GetRealNamedPropertyAttributesInPrototypeChain(). See nodejs/node#864 for background. Review URL: https://codereview.chromium.org/942003003 Cr-Commit-Position: refs/heads/master@{#26855}

Fishrock123 · 2015-03-06T17:12:17Z

Looks like the v8 patch landed.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of nodejs#885. Fixes nodejs#885; fixes nodejs#864.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of nodejs#885. Fixes nodejs#885; fixes nodejs#864.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of nodejs#885. Fixes nodejs#885; fixes nodejs#864.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of nodejs#885. Fixes nodejs#885; fixes nodejs#864.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

domenic · 2015-06-05T17:58:50Z

This can be closed as it's fixed in next.

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

@smikes

The GlobalPropertyQueryCallback was changed in 2010 to return an integer instead of a boolean: https://groups.google.com/forum/#!topic/v8-users/OOjHJrix-cU This integer communicates the property descriptors of the property, instead of just its presence or absence. However, the original contextify code was probably written before this change, and it was not updated when porting to Node.js. Credit to @smikes for the test and the original PR of #885. Fixes: #864 Fixes: #885 PR-URL: #1773 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

smikes mentioned this issue Feb 17, 2015

annexB/B.2.1.js fails in test262-harness with -r node, >= 0.11 tc39/test262-harness#34

Closed

Fishrock123 added the vm Issues and PRs related to the vm subsystem. label Feb 17, 2015

smikes mentioned this issue Feb 18, 2015

Partial fix for #864 - report property attributes from sandbox object #885

Closed

bnoordhuis mentioned this issue Feb 19, 2015

vm: access to Symbols on global context does not work across sandbox boundary #884

Closed

domenic mentioned this issue May 22, 2015

vm: fix a variety of bugs, using V8 4.3 APIs #1773

Closed

bnoordhuis closed this as completed Jun 5, 2015

iamlockon mentioned this issue Dec 19, 2019

Test failing InspectorSocketServerTest.ServerCannotStart #25353

Closed

snyk-bot mentioned this issue Jan 31, 2022

[Snyk] Security upgrade shelljs from 0.7.8 to 0.8.5 enterstudio/node#26

Open

aliscco mentioned this issue Apr 27, 2023

[Snyk] Fix for 30 vulnerabilities aliscco/alisco-node#279

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change from 0.10 => 1.2; `enumerable` of `this.escape` in `vm.runInNewContext` was false, now true #864

Change from 0.10 => 1.2; `enumerable` of `this.escape` in `vm.runInNewContext` was false, now true #864

smikes commented Feb 17, 2015

anba commented Feb 17, 2015

smikes commented Feb 17, 2015

bnoordhuis commented Feb 17, 2015

smikes commented Feb 19, 2015

bnoordhuis commented Feb 19, 2015

bnoordhuis commented Feb 20, 2015

Fishrock123 commented Mar 6, 2015

domenic commented Jun 5, 2015

Change from 0.10 => 1.2; enumerable of this.escape in vm.runInNewContext was false, now true #864

Change from 0.10 => 1.2; enumerable of this.escape in vm.runInNewContext was false, now true #864

Comments

smikes commented Feb 17, 2015

anba commented Feb 17, 2015

smikes commented Feb 17, 2015

bnoordhuis commented Feb 17, 2015

smikes commented Feb 19, 2015

bnoordhuis commented Feb 19, 2015

bnoordhuis commented Feb 20, 2015

Fishrock123 commented Mar 6, 2015

domenic commented Jun 5, 2015

Change from 0.10 => 1.2; `enumerable` of `this.escape` in `vm.runInNewContext` was false, now true #864

Change from 0.10 => 1.2; `enumerable` of `this.escape` in `vm.runInNewContext` was false, now true #864