fix: sanitize object keys in evaluation result parsing (#35947)

Max Schmitt 2025-05-14 13:43:50 +02:00 committed by GitHub
parent 191d912f20
commit e356ec0a82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions


@ -156,8 +156,11 @@ export function parseEvaluationResultValue(value: SerializedValue, handles: any[
if ('o' in value) {
const result: any = {};
refs.set(value.id, result);
for (const { k, v } of value.o)
for (const { k, v } of value.o) {
if (k === '__proto__')
continue;
result[k] = parseEvaluationResultValue(v, handles, refs);
}
return result;
}
if ('h' in value)
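Review bot: The `k === '__proto__'` guard in the `'o' in value` loop carries no comment explaining it, and it drops the key silently instead of preserving it. A plain `result[k] = …` with that key goes through the inherited `__proto__` setter and replaces the prototype of `result` with a value parsed from the serialized payload, which presumably originates in the page; a comment such as `// '__proto__' would hit the prototype setter and swap result's prototype for remote data` would make that visible to the next maintainer. If losing the key is not intended, `Object.defineProperty(result, k, { value: parseEvaluationResultValue(v, handles, refs), writable: true, enumerable: true, configurable: true });` stores it as an own data property without touching the prototype. `parseEvaluationResultValue` starts and ends outside the hunk, so its other branches are not covered by this note.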


@ -881,3 +881,12 @@ it('should work with deleted Map', {
await page.goto(server.PREFIX + '/page');
expect(await page.evaluate(x => ({ value: 2 * x }), 17)).toEqual({ value: 34 });
});
it('should ignore dangerous object keys', async ({ page }) => {
const input = {
__proto__: { polluted: true },
safeKey: 'safeValue'
};
const result = await page.evaluate(arg => arg, input);
expect(result).toEqual({ safeKey: 'safeValue' });
});
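Review bot: The `input` literal in 'should ignore dangerous object keys' may not exercise the new guard. In an object literal, `__proto__: { polluted: true }` sets the prototype of `input` rather than creating an own key, so a serializer that walks own keys would likely never send a `__proto__` entry and the test would pass without the fix. Building the value with an own key, for example `const input = JSON.parse('{"__proto__": {"polluted": true}, "safeKey": "safeValue"}');`, or returning such an object from inside `page.evaluate`, should reach the parser branch. It is also worth asserting the prototype directly with `expect(Object.getPrototypeOf(result)).toBe(Object.prototype);`, since `toEqual` compares own properties and may not notice a swapped prototype.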