Use primordials everywhere #11224
Comments
|
I'll do:
|
|
Claiming:
|
|
@SimonRask Please wait with |
|
Claiming:
|
|
@littledivy: @crowlKats is already working on web sockets |
|
Ah i'll close it then! |
|
Claiming:
|
|
Claiming:
|
|
Claiming:
|
I am handing it over to divy |
|
Claiming:
|
|
There is no need for primordials in |
These only use I presume you skipped |
That should really be using an internal bound dispatch method. I'll circle back to this once everything else is done. I am working on a rewrite of the event target code right now anyway to make it more compliant and clean it up.
Yup. |
|
Claiming extensions/web/02_event.js EDIT: I will probably regret it but I'm also claiming (that's a lot of JS code...)
|
|
I mentioned that the WebGPU PR left a few dynamic object accesses. Ref #11265 (comment) While looking through it, the changes are hard to do as they primarily accept WebIDL webidl.js is used across the entire codebase, yet it also suffers from this vulnerability as it doesn't use the prototype primordials for these. |
|
Gonna close this issue as we migrated all the files listed. Huge thanks to @littledivy, @SimonRask, @crowlKats and @crimsoncodes0 who helped it push forward in just a week. @crimsoncodes0 let's address your comments regarding getters in a follow up issue. |
ghost
mentioned this issue
In #10939 we landed primordials into
deno_core. They are frozen intrinsics that are not vulnerable to prototype pollution. We now need to undergo the tedious task to refactor all of our JS code to use these primordials. Here is the TODO list:13_buffer.jsand30_fs.js#1124713_buffer.jsand30_fs.js#11247I will open some first PRs shortly that show how a migration of a file to primordials should look.
If you want to convert some files, please comment on this issue before starting so we don't duplicate work.
The text was updated successfully, but these errors were encountered: