Skip to content

Commit

Permalink
Fix SSR crash on a hasOwnProperty attribute
Browse files Browse the repository at this point in the history
  • Loading branch information
gaearon committed Aug 1, 2018
1 parent 5b19684 commit d922ed2
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,19 @@ describe('ReactDOMServer', () => {
(__DEV__ ? '\n in iframe (at **)' : ''),
);
});

it('should not crash on poisoned hasOwnProperty', () => {
let html;
expect(
() =>
(html = ReactDOMServer.renderToString(
<div hasOwnProperty="poison">
<span unknown="test" />
</div>,
)),
).toWarnDev(['React does not recognize the `hasOwnProperty` prop']);
expect(html).toContain('<span unknown="test">');
});
});

describe('renderToStaticMarkup', () => {
Expand Down
3 changes: 2 additions & 1 deletion packages/react-dom/src/server/ReactPartialRenderer.js
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,7 @@ function processContext(type, context) {
return maskedContext;
}

const hasOwnProperty = Object.prototype.hasOwnProperty;
const STYLE = 'style';
const RESERVED_PROPS = {
children: null,
Expand All @@ -327,7 +328,7 @@ function createOpenTagMarkup(
let ret = '<' + tagVerbatim;

for (const propKey in props) {
if (!props.hasOwnProperty(propKey)) {
if (!hasOwnProperty.call(props, propKey)) {
continue;
}
let propValue = props[propKey];
Expand Down
5 changes: 3 additions & 2 deletions packages/react-dom/src/shared/DOMProperty.js
Original file line number Diff line number Diff line change
Expand Up @@ -66,14 +66,15 @@ export const VALID_ATTRIBUTE_NAME_REGEX = new RegExp(
'^[' + ATTRIBUTE_NAME_START_CHAR + '][' + ATTRIBUTE_NAME_CHAR + ']*$',
);

const hasOwnProperty = Object.prototype.hasOwnProperty;
const illegalAttributeNameCache = {};
const validatedAttributeNameCache = {};

export function isAttributeNameSafe(attributeName: string): boolean {
if (validatedAttributeNameCache.hasOwnProperty(attributeName)) {
if (hasOwnProperty.call(validatedAttributeNameCache, attributeName)) {
return true;
}
if (illegalAttributeNameCache.hasOwnProperty(attributeName)) {
if (hasOwnProperty.call(illegalAttributeNameCache, attributeName)) {
return false;
}
if (VALID_ATTRIBUTE_NAME_REGEX.test(attributeName)) {
Expand Down

0 comments on commit d922ed2

Please sign in to comment.