potential bugs in `/src/injected/web/util-web.js`
- `Number.prototype.toString` and `window.isFinite` can be replaced
- `isArray` is broken (`isArray({splice:()=>{},length:0})` returns `true`, web page can `delete Array.prototype.splice`)
- `escMap` inherits from `Object.prototype` (web page can `Object.prototype['\u0000']='fake escape'`)
- web page can `open('/').Object.prototype.__defineGetter__('defineAs',()=>alert('???'));` (maybe that’s intended)
fix (doesn’t fix isArray and defineAs):

- replace

  ```js
  const { isFinite } = global; // eslint-disable-line no-restricted-properties
  const { toString: numberToString } = 0;
  ```

  with

  ```js
  const isFinite = (() => {
    'use strict'; // need to be strict mode because (function(){isFinite({toString:function(){alert(arguments.callee.caller)}})})() alerts null
    var inf = 1 / 0, ninf = -inf;
    return x => (x = +x) == x && inf != x && ninf != x;
  })();
  ```

- replace

  ```js
  const escMap = {
    '"': '\\"',
    '\\': '\\\\',
    '\b': '\\b',
    '\f': '\\f',
    '\n': '\\n',
    '\r': '\\r',
    '\t': '\\t',
  };
  const escRE = /[\\"\u0000-\u001F\u2028\u2029]/g; // eslint-disable-line no-control-regex
  const escFunc = m => escMap[m] || `\\u${(m::charCodeAt(0) + 0x10000)::numberToString(16)::slice(1)}`;
  ```

  with

  ```js
  const jsStrEsc = s => {
    var c, l = s.length, i = 0, hex = '0123456789ABCDEF', out = '"';
    while (l > i) switch (c = s[i++]) {
      case '"': out += '\\"'; continue;
      case '\\': out += '\\\\'; continue;
      case '\b': out += '\\b'; continue;
      case '\f': out += '\\f'; continue;
      case '\n': out += '\\n'; continue;
      case '\r': out += '\\r'; continue;
      case '\t': out += '\\t'; continue;
      case '\u2028': out += '\\u2028'; continue;
      case '\u2029': out += '\\u2029'; continue;
      default:
        if ('\u001F' < c) {
          out += c;
          continue;
        }
        c = c::charCodeAt(0); // String.prototype.charCodeAt can be replaced
        out += '\\u00' + hex[c >> 4] + hex[15 & c];
    }
    return out + '"';
  };
  ```

- replace

  ```js
  res = `"${value::replace(escRE, escFunc)}"`;
  ```

  with

  ```js
  res = jsStrEsc(value);
  ```
Issue Analytics
- State:
- Created 2 years ago
- Comments:19 (19 by maintainers)
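
The `escMap` point from the issue, as an added example that is not part of the original post or the project's code: a lookup table built from an object literal falls through to `Object.prototype` for missing keys, while a null-prototype table does not. The function names are hypothetical, the input is constructed, and plain method calls stand in for the project's `::` bind syntax, so this does not cover replaced `String.prototype` methods.

```javascript
// Added example; escapeWithPlainMap, escapeWithNullProtoMap and
// withPollutedPrototype are hypothetical names, not the project's.
const escRE = /[\\"\u0000-\u001F\u2028\u2029]/g; // eslint-disable-line no-control-regex
const pairs = [['"', '\\"'], ['\\', '\\\\'], ['\b', '\\b'], ['\f', '\\f'],
  ['\n', '\\n'], ['\r', '\\r'], ['\t', '\\t']];

// Fallback for characters without a short escape, e.g. U+0000 -> \u0000.
const unicodeEsc = m => `\\u${(m.charCodeAt(0) + 0x10000).toString(16).slice(1)}`;

// Pattern from the issue: a plain object inherits from Object.prototype,
// so a key missing from the table resolves to whatever the page put there.
const plainMap = Object.fromEntries(pairs);
const escapeWithPlainMap = s =>
  `"${s.replace(escRE, m => plainMap[m] || unicodeEsc(m))}"`;

// Hardened table: no prototype, so there are no inherited keys to hit.
const nullProtoMap = Object.assign(Object.create(null), Object.fromEntries(pairs));
const escapeWithNullProtoMap = s =>
  `"${s.replace(escRE, m => nullProtoMap[m] || unicodeEsc(m))}"`;

// Applies the page-side assignment quoted in the issue, runs fn, then restores.
function withPollutedPrototype(fn) {
  Object.prototype['\u0000'] = 'fake escape';
  try {
    return fn();
  } finally {
    delete Object.prototype['\u0000'];
  }
}

const input = 'a\u0000b"c'; // constructed sample containing a NUL and a quote
const clean = escapeWithPlainMap(input);
const tampered = withPollutedPrototype(() => escapeWithPlainMap(input));
const hardened = withPollutedPrototype(() => escapeWithNullProtoMap(input));
console.log({ clean, tampered, hardened });
```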
I’ve changed my mind because there were just a few places where those symbols needed guarding: f5239b4e.
It will break all scripts in `page` mode too so even if we fix it for us, what good will that be?