maxjhandsome
/
react
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix SSR crash on a hasOwnProperty attribute (#13303)

This commit is contained in:
Dan Abramov 2018-08-01 20:23:19 +01:00 committed by GitHub
parent ff41519ec2
commit f60a7f722c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
packages/react-dom/src/__tests__/ReactServerRendering-test.js vendored
View File

@ -174,6 +174,19 @@ describe('ReactDOMServer', () => {
(__DEV__ ? '\n in iframe (at **)' : ''),
);
});
it('should not crash on poisoned hasOwnProperty', () => {
let html;
expect(
() =>
(html = ReactDOMServer.renderToString(
<div hasOwnProperty="poison">
<span unknown="test" />
</div>,
)),
).toWarnDev(['React does not recognize the `hasOwnProperty` prop']);
expect(html).toContain('<span unknown="test">');
});
});
describe('renderToStaticMarkup', () => {

3
packages/react-dom/src/server/ReactPartialRenderer.js vendored
View File

@ -349,6 +349,7 @@ function processContext(type, context) {
return maskedContext;
}
const hasOwnProperty = Object.prototype.hasOwnProperty;
const STYLE = 'style';
const RESERVED_PROPS = {
children: null,
@ -368,7 +369,7 @@ function createOpenTagMarkup(
let ret = '<' + tagVerbatim;
for (const propKey in props) {
if (!props.hasOwnProperty(propKey)) {
if (!hasOwnProperty.call(props, propKey)) {
continue;
}
let propValue = props[propKey];

5
packages/react-dom/src/shared/DOMProperty.js vendored
View File

@ -66,14 +66,15 @@ export const VALID_ATTRIBUTE_NAME_REGEX = new RegExp(
'^[' + ATTRIBUTE_NAME_START_CHAR + '][' + ATTRIBUTE_NAME_CHAR + ']*$',
);
const hasOwnProperty = Object.prototype.hasOwnProperty;
const illegalAttributeNameCache = {};
const validatedAttributeNameCache = {};
export function isAttributeNameSafe(attributeName: string): boolean {
if (validatedAttributeNameCache.hasOwnProperty(attributeName)) {
if (hasOwnProperty.call(validatedAttributeNameCache, attributeName)) {
return true;
}
if (illegalAttributeNameCache.hasOwnProperty(attributeName)) {
if (hasOwnProperty.call(illegalAttributeNameCache, attributeName)) {
return false;
}
if (VALID_ATTRIBUTE_NAME_REGEX.test(attributeName)) {