fix: ownership getting tricked by proxies #13377
Merged
Closes #13376
This fixes the problem, but I fear we might have this problem elsewhere, and this can still be somewhat tricked unless we specify a lot of constraints. The problem is when someone returns some non-null value from a proxy regardless of the key, e.g.

Inside the ownership validation function we assume that if it has metadata it's the Svelte metadata object (honestly a reasonable assumption considering it's a Symbol). But in this case the object will always be this empty object. So when trying to access `owners.add` on it or `[ADD_OWNER]` we end up with a runtime error.

By adding an `owners in object` check it's fixed, but that will fail if the proxy looks like this

So I'm not really sure if we should go mad with checks before invoking anything or find a better general solution.
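The failure mode described in the PR description above, as an added example that is not part of the original post or of the Svelte code base: a proxy that answers every key defeats both a presence check and a shape check, while a brand check against a registry of self-created metadata rejects it. `STATE_SYMBOL`, the function names and both proxies are hypothetical and constructed for this illustration, and the brand check is one possible approach, not what the PR merged.

```javascript
// Added illustration. STATE_SYMBOL and every function name here are hypothetical
// stand-ins, not Svelte's internals.
const STATE_SYMBOL = Symbol('$state');
const genuine = new WeakSet(); // metadata objects this module created itself

function make_state(value) {
	const metadata = { owners: new Set() };
	genuine.add(metadata);
	return { value, [STATE_SYMBOL]: metadata };
}

// Trusts anything found under the symbol key.
function add_owner_naive(object, owner) {
	const metadata = object[STATE_SYMBOL];
	if (!metadata) return false;
	metadata.owners.add(owner);
	return true;
}

// Shape check: requires an `owners` key, but not that it is a Set.
function add_owner_shape_checked(object, owner) {
	const metadata = object[STATE_SYMBOL];
	if (!metadata || !('owners' in metadata)) return false;
	metadata.owners.add(owner);
	return true;
}

// Brand check: only metadata registered by make_state is accepted.
function add_owner_branded(object, owner) {
	const metadata = object[STATE_SYMBOL];
	if (!genuine.has(metadata)) return false;
	metadata.owners.add(owner);
	return true;
}

// Constructed inputs: proxies that answer every key, symbols included.
const catch_all = new Proxy({}, { get: () => ({}) });
const with_owners_key = new Proxy({}, { get: () => ({ owners: {} }) });

// Returns the function's result, or the error class name if it throws.
function outcome(fn, object) {
	try {
		return fn(object, 'component');
	} catch (error) {
		return error.constructor.name;
	}
}
```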