cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

fix(utils): Fixed getOwnPropertyDescriptor to hasOwnProperty function #908

Closed ssi02014 closed 7 months ago

ssi02014 commented 7 months ago

Summary

@cure53 👋

The getOwnPropertyDescriptor static method returns an object describing the configuration of a specific property on a given object (that is, one directly present on an object and not in the object's prototype chain).

My understanding is that getOwnPropertyDescriptor within the cleanArray and clone functions is simply used to validate that the property exists. (Instead, the lookupGetter function actually uses the descriptor.)

Therefore, I thought it would be more appropriate to utilize the hasOwnProperty function for the purpose of determining if a property exists. (Returns a boolean that suits our intent.)

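// Stand-in for the unapply helper this snippet relies on (shape assumed here).
const unapply = (func) => (thisArg, ...args) => Reflect.apply(func, thisArg, args);
const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);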

const arr = [1, 2];

console.log(objectHasOwnProperty(arr, 0)); // true
console.log(objectHasOwnProperty(arr, 1)); // true
console.log(objectHasOwnProperty(arr, 2)); // false

const obj = {
  foo: 1,
};

console.log(objectHasOwnProperty(obj, "foo")); // true
console.log(objectHasOwnProperty(obj, "bar")); // false


cure53 commented 7 months ago

This looks good, thanks a lot! 😄
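Why the own-property check discussed in this pull request matters in a sanitizer's array-cleaning and cloning helpers, as an added example that is not part of the thread or of DOMPurify's source. The names `cleanArraySketch`, `cloneSketch`, `viaDescriptor` and `demo`, the shape of `unapply`, and the sample data are assumptions made for illustration.

```javascript
// Added sketch, not DOMPurify source; helper names and shapes are assumptions.
const unapply = (fn) => (thisArg, ...args) => Reflect.apply(fn, thisArg, args);

// Bound once from Object.prototype, so an object's own (possibly replaced)
// `hasOwnProperty` slot is never consulted.
const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);
const viaDescriptor = (obj, key) =>
  Object.getOwnPropertyDescriptor(obj, key) !== undefined;

// Fill holes with null so reads never fall through to Array.prototype.
function cleanArraySketch(array, hasOwn = objectHasOwnProperty) {
  for (let i = 0; i < array.length; i++) {
    if (!hasOwn(array, i)) array[i] = null;
  }
  return array;
}

// Copy own keys only into a prototype-less object.
function cloneSketch(source, hasOwn = objectHasOwnProperty) {
  const out = Object.create(null);
  for (const key in source) { // for...in also visits inherited keys
    if (hasOwn(source, key)) out[key] = source[key];
  }
  return out;
}

function demo() {
  // Constructed scenario: inherited values exist on the shared prototypes.
  Array.prototype[1] = 'inherited';
  Object.prototype.injected = 'inherited';
  try {
    const shadowed = { allowed: true, hasOwnProperty: () => true };
    return {
      holeRead: ['a', , 'c'][1],
      cleaned: JSON.stringify(cleanArraySketch(['a', , 'c'])),
      cleanedViaDescriptor: JSON.stringify(cleanArraySketch(['a', , 'c'], viaDescriptor)),
      naiveCheck: shadowed.hasOwnProperty('injected'),
      cachedCheck: objectHasOwnProperty(shadowed, 'injected'),
      clonedKeys: Object.keys(cloneSketch(shadowed)).join(','),
    };
  } finally {
    // Restore the shared prototypes so nothing outside demo() is affected.
    delete Array.prototype[1];
    delete Object.prototype.injected;
  }
}

console.log(demo());
```

Both checks clean the sparse array identically, which is the equivalence the pull request relies on; the difference shown is between the cached `Object.prototype.hasOwnProperty` and calling `hasOwnProperty` on the object itself.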