feat: default options for controlling proto access #1635

Merged Jan 10, 2020 (1 commit)

nknapp (Collaborator) commented Jan 9, 2020

feat: default options for controlling proto access

This commit adds the runtime options

  • allowProtoPropertiesByDefault (boolean, default: false) and
  • allowProtoMethodsByDefault (boolean, default: false)
    which can be used to allow access to prototype properties and
    functions in general.

Specific properties and methods can still be disabled from access
via allowedProtoProperties and allowedProtoMethods by
setting the corresponding values to false.

The methods constructor, __defineGetter__, __defineSetter__, __lookupGetter__
and the property __proto__ will be disabled, even if the allow...ByDefault-options
are set to true. In order to allow access to those properties and methods, they have
to be explicitly set to true in the 'allowedProto...'-options.

A warning is logged when a proto-access is attempted and denied
by default (i.e. if no option is set by the user to make the access
decision explicit)

Gerrit0 commented Jan 9, 2020

👍 thanks! Looks like this is a good balance between protecting users by default and allowing them the flexibility to continue using prototype methods in projects where that is necessary.
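
The precedence between the options in the pull request description (per-name entries, the always-disabled names, then the `...ByDefault` flags, with a warning only when nothing was set) can be modelled as below. This is an added example, not code from the pull request or from Handlebars; `createAccessControl`, `buildList` and `isAllowed` are hypothetical names, and treating the always-disabled names as an explicit decision that logs no warning is an assumption.

```javascript
// Added illustration: a stand-alone model of the rule in the PR description.
// It is not Handlebars' implementation; all function names are hypothetical.

// Names the description says stay disabled even when allow...ByDefault is true.
const HARD_DENIED_METHODS = ['constructor', '__defineGetter__', '__defineSetter__', '__lookupGetter__'];
const HARD_DENIED_PROPERTIES = ['__proto__'];

// Hard-denied names go in first; the caller's per-name entries then override
// them (true re-enables a name, false disables it).
function buildList(hardDenied, explicit, defaultValue) {
  const table = Object.create(null); // no prototype, so '__proto__' is a plain key
  for (const name of hardDenied) table[name] = false;
  for (const name of Object.keys(explicit || {})) table[name] = explicit[name];
  return { table, defaultValue };
}

function createAccessControl(options = {}) {
  return {
    methods: buildList(HARD_DENIED_METHODS, options.allowedProtoMethods,
      options.allowProtoMethodsByDefault),
    properties: buildList(HARD_DENIED_PROPERTIES, options.allowedProtoProperties,
      options.allowProtoPropertiesByDefault),
  };
}

// Decide one access to a name that was found on the prototype chain.
// kind is 'method' or 'property'. `warn` is called only when the denial comes
// from an unset default, i.e. the user made no explicit decision.
function isAllowed(control, kind, name, warn = () => {}) {
  const list = kind === 'method' ? control.methods : control.properties;
  if (list.table[name] !== undefined) return list.table[name] === true;
  if (list.defaultValue !== undefined) return list.defaultValue === true;
  warn(`access to ${kind} "${name}" denied by default; set an option to decide explicitly`);
  return false;
}

// Constructed sample: methods allowed in general, toString switched off again.
function demo() {
  const warnings = [];
  const warn = (message) => warnings.push(message);
  const control = createAccessControl({
    allowProtoMethodsByDefault: true,
    allowedProtoMethods: { toString: false },
  });
  return {
    trim: isAllowed(control, 'method', 'trim', warn),
    toString: isAllowed(control, 'method', 'toString', warn),
    constructor: isAllowed(control, 'method', 'constructor', warn),
    length: isAllowed(control, 'property', 'length', warn),
    warnings,
  };
}
```

In the constructed sample only the `length` lookup produces a warning, because no property option was set; the other three decisions follow from options the caller supplied or from the always-disabled list.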
