chore: replace __proto__ by getPrototypeOf by kapouer · Pull Request #17386 · microsoft/playwright

kapouer · 2022-09-16T07:15:35Z

Some users might want to run --disable-proto=throw|delete option for a hardened Node.
It's easy to fix and doesn't prevent { __proto__: null } pattern.

ghost · 2022-09-16T07:15:46Z

All CLA requirements met.

jfgreffier · 2022-09-16T08:10:53Z

Should we add the no-proto ESLint rule in .eslintrc.js to enforce this ?

https://eslint.org/docs/latest/rules/no-proto

kapouer · 2022-09-16T08:19:41Z

Let's see how it goes

mxschmitt · 2022-09-16T11:32:04Z

The CI is failing: page/page-expose-function.spec.ts:77:1 › should support throwing "null"

kapouer · 2022-09-16T11:57:37Z

Oh ! fixed and rebased.

yury-s · 2022-09-16T15:32:26Z


 function isError(obj: any): obj is Error {
-  return obj instanceof Error || obj?.__proto__?.name === 'Error' || (obj?.__proto__ && isError(obj.__proto__));
+  const proto = obj ? Object.getPrototypeOf(obj) : null;


This will fail if there is a user code like Object.getPrototypeOf = () => {};

Oh, this is a server side code, we don't run random js here so it should be ok.

Indeed, and obj.__proto__ was an order of magnitude less safe than Object.getPrototypeOf :)

yury-s

Could you add a test for this?

yury-s · 2022-09-16T15:38:07Z


 function isError(obj: any): obj is Error {
-  return obj instanceof Error || obj?.__proto__?.name === 'Error' || (obj?.__proto__ && isError(obj.__proto__));
+  const proto = obj ? Object.getPrototypeOf(obj) : null;


Oh, this is a server side code, we don't run random js here so it should be ok.

kapouer · 2022-09-16T15:57:32Z

Could you add a test for this?

What do you mean ? this is already tested. The behavior didn't change at all ?

kapouer · 2022-09-16T23:11:48Z

For the record, the more modules are going to fix this, the more node is likely to get rid of proto ! nodejs/node#31951

yury-s · 2022-09-19T20:10:46Z

Could you add a test for this?

What do you mean ? this is already tested. The behavior didn't change at all ?

I mean a test that would fail before your change and pass after, this way we can ensure that this is documented and will not break in the future during refactoring of the code.

jfgreffier · 2022-09-20T08:58:02Z

Could you add a test for this?

What do you mean ? this is already tested. The behavior didn't change at all ?

I mean a test that would fail before your change and pass after, this way we can ensure that this is documented and will not break in the future during refactoring of the code.

Not a test, but the no-proto ESLint rule that was added will guarantee that __proto__ will not be used again

kapouer · 2022-09-20T09:23:20Z

Maybe process.env.NODE_OPTIONS = (process.env.NODE_OPTIONS || "") + " --disable-proto=throw" should be added but honestly I'm not sure where.

pavelfeldman · 2022-09-21T01:55:32Z

Some users might want to run --disable-proto=throw|delete option for a hardened Node.

I'm fine with the change, but I don't get the idea behind the option above. We can't guarantee Playwright operation in the mode above, because we use third party modules and __proto__ is a part of JavaScript. So we can land it, but it won't mean anything in the context of the above request.

kapouer · 2022-09-21T04:29:54Z

I'm fine with the change, but I don't get the idea behind the option above. We can't guarantee Playwright operation in the mode above, because we use third party modules and __proto__ is a part of JavaScript. So we can land it, but it won't mean anything in the context of the above request.

__proto__ is a deprecated part of js, and, while still used here and there, it is not so far away from being abandoned by modules authors.
Thanks !

kapouer added 2 commits September 16, 2022 13:57

feat: replace __proto__ by getPrototypeOf

8310487

feat(eslint): no-proto

107601a

kapouer force-pushed the main branch from ca2bf7f to 107601a Compare September 16, 2022 11:57

mxschmitt approved these changes Sep 16, 2022

View reviewed changes

mxschmitt changed the title ~~feat: replace __proto__ by getPrototypeOf~~ chore: replace __proto__ by getPrototypeOf Sep 16, 2022

yury-s reviewed Sep 16, 2022

View reviewed changes

mxschmitt self-requested a review September 19, 2022 11:01

pavelfeldman merged commit 840a1f6 into microsoft:main Sep 21, 2022

kapouer mentioned this pull request Mar 28, 2026

lint: modernize __proto__ with getPrototypeOf #39919

Closed

Conversation

kapouer commented Sep 16, 2022

Uh oh!

ghost commented Sep 16, 2022 • edited by ghost Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jfgreffier commented Sep 16, 2022

Uh oh!

kapouer commented Sep 16, 2022

Uh oh!

mxschmitt commented Sep 16, 2022

Uh oh!

kapouer commented Sep 16, 2022

Uh oh!

yury-s Sep 16, 2022

Choose a reason for hiding this comment

Uh oh!

yury-s Sep 16, 2022

Choose a reason for hiding this comment

Uh oh!

kapouer Sep 16, 2022

Choose a reason for hiding this comment

Uh oh!

yury-s left a comment

Choose a reason for hiding this comment

Uh oh!

yury-s Sep 16, 2022

Choose a reason for hiding this comment

Uh oh!

kapouer commented Sep 16, 2022

Uh oh!

kapouer commented Sep 16, 2022

Uh oh!

yury-s commented Sep 19, 2022

Uh oh!

jfgreffier commented Sep 20, 2022

Uh oh!

kapouer commented Sep 20, 2022

Uh oh!

pavelfeldman commented Sep 21, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

kapouer commented Sep 21, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

ghost commented Sep 16, 2022 •

edited by ghost

Loading

pavelfeldman commented Sep 21, 2022 •

edited

Loading