querystring: allow querystring parse to handle __proto__ #6044
f9b4060
to
e0fb8dd
Compare
If this change is going to be made, wouldn't it be simpler to just use
Interesting... using

```js
'use strict';
var common = require('../common.js');
var querystring = require('querystring');
var v8 = require('v8');

var bench = common.createBenchmark(main, {
  n: [1e6],
});

function main(conf) {
  var n = conf.n | 0;
  const input = 'a=b&__proto__=1';

  v8.setFlagsFromString('--allow_natives_syntax');
  querystring.parse(input);
  eval('%OptimizeFunctionOnNextCall(querystring.parse)');
  querystring.parse(input);

  var i;
  bench.start();
  for (i = 0; i < n; i += 1)
    querystring.parse(input);
  bench.end(n);
}
```
@mscdex ... updated to use Object.create(null).
if (typeof qs !== 'string' || qs.length === 0) { | ||
return obj; | ||
return {}; |
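Review bot: in the early-return branch for a non-string or empty `qs`, `return {};` hands back a fresh object with `Object.prototype`, which only matches the non-empty path if that path also returns an object with the normal prototype. If the parsed result is created with a null prototype, callers would see `hasOwnProperty` present for empty input and missing otherwise. Return the same kind of object on both paths and cover the empty-string case in the test.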
Are we comfortable with this inconsistency?
FWIW using
👎 Unless we can see that
@Fishrock123 It still is. @jasnell I think I may have found a solution that doesn't cause a performance regression and may even provide somewhat of a performance boost.
Sigh, every time I benchmark this I'm getting different results. I'll switch it back to {} for now. What's the alternative you found @mscdex ?
Per nodejs#5642, using querystring.parse to parse 'a=b&__proto__=1' causes the `__proto__` to be swallowed and ignored. This works around the limitation by temporarily setting the prototype of the parsed obj to null during the parse, then setting it back before returning. Fixes: nodejs#5642
71d02ad
to
8abf8a8
Compare
since you never know how much optimization could be done, I'd go for:

```js
// begin
var obj = Object.setPrototypeOf({}, null);
// ... rest of the code ...
// end
return Object.setPrototypeOf(obj, Object.prototype);
```

at least it couldn't go more compact than that, and the returned value from
} | ||
|
||
var obj = {}; |
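Review bot: at `var obj = {};` the result object starts out inheriting from `Object.prototype`, so a key named `__proto__` assigned to it never becomes an own property unless the prototype is changed before the first assignment. Add a comment at this declaration saying where the prototype is set to null and where it is restored, and make sure every return path restores it; a test for 'a=b&__proto__=1' should assert both the own key and the restored prototype.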
Why not Object.create(null)?
Sorry, had this open for a while and GH refreshed so I just now noticed this was already discussed.
Related: #6055
Pull Request check-list
make -j8 test (UNIX) or vcbuild test nosign (Windows) pass with this change (including linting)?
test (or a benchmark) included?
Affected core subsystem(s)
querystring
Description of change
Per #5642, using querystring.parse to parse 'a=b&__proto__=1' causes the __proto__ to be swallowed and ignored. This works around the limitation by temporarily setting the prototype of the parsed obj to null during the parse, then setting it back before returning. The rest of the existing implementation remains the same.
Fixes: #5642
/cc @mscdex @WebReflection
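The behaviour described in this PR, as an added example that is not Node's lib/querystring.js and not code from the thread: a reduced key=value parser showing why `__proto__` is swallowed on a plain `{}` and kept when the prototype is null during the parse and restored before returning. The names `dec`, `splitPairs`, `store`, `parseNaive` and `parseNullProtoDuringParse` are hypothetical.

```javascript
'use strict';
// Added example with hypothetical names; not Node's lib/querystring.js.

// Decode one component, keeping the raw text if the escape is malformed.
function dec(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split 'k=v&k2=v2' into [key, value] pairs (no '+' handling, for brevity).
function splitPairs(qs) {
  if (typeof qs !== 'string' || qs.length === 0) return [];
  return qs.split('&').filter(Boolean).map((p) => {
    const i = p.indexOf('=');
    return i === -1 ? [dec(p), ''] : [dec(p.slice(0, i)), dec(p.slice(i + 1))];
  });
}

// Store a pair; repeated keys collect into an array.
function store(obj, k, v) {
  if (!Object.prototype.hasOwnProperty.call(obj, k)) obj[k] = v;
  else if (Array.isArray(obj[k])) obj[k].push(v);
  else obj[k] = [obj[k], v];
}

// Plain {}: obj['__proto__'] = '1' reaches the setter inherited from
// Object.prototype, which ignores a string, so no own property is created.
function parseNaive(qs) {
  const obj = {};
  for (const [k, v] of splitPairs(qs)) store(obj, k, v);
  return obj;
}

// Approach from the PR description: null prototype while parsing, so
// '__proto__' becomes an ordinary own key, then restore Object.prototype.
function parseNullProtoDuringParse(qs) {
  const obj = Object.setPrototypeOf({}, null);
  for (const [k, v] of splitPairs(qs)) store(obj, k, v);
  return Object.setPrototypeOf(obj, Object.prototype);
}

const sample = 'a=b&__proto__=1'; // input quoted in the PR description
console.log(Object.keys(parseNaive(sample)));                // [ 'a' ]
console.log(Object.keys(parseNullProtoDuringParse(sample))); // [ 'a', '__proto__' ]
```

Because the returned object has `Object.prototype` again, `result.__proto__` reads the own string value rather than the prototype, so consumers that need the prototype should use `Object.getPrototypeOf(result)`.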