googlearchive / caja

Caja is a tool for safely embedding third party HTML, CSS and JavaScript in your website.
Apache License 2.0

In tamperProof, prevent the getter from redefining properties. #2032

Closed jfparadis closed 6 years ago

jfparadis commented 6 years ago

In the getter created by the tamperProof function:

          function setter(newValue) {
            if (obj === this) {
              throw new TypeError('Cannot set virtually frozen property: ' +
                                  name);
            }
            if (!!gopd(this, name)) {
              this[name] = newValue;
            }
            // TODO(erights): Do all the inherited property checks
            defProp(this, name, {
              value: newValue,
              writable: true,
              enumerable: true,
              configurable: true
            });
          }

Currently, an attempt is made to redefine the property every time setter is invoked.

The definition of the property apparently needs to move to the else block of the check to see if the property exists.

          if (!!gopd(this, name)) {
            // assign
          } else {
            // define
          }
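
Added example (not part of the original issue or of Caja's code): a JavaScript sketch contrasting the setter quoted above with the restructuring the issue proposes, to show what the unconditional define does to an own property that already exists. `makeSetter`, `trySet` and the sample objects are hypothetical names; `Reflect.set` with an explicit receiver is used only to reach the setter while the receiver already has its own property.

```javascript
'use strict';
const gopd = Object.getOwnPropertyDescriptor;
const defProp = Object.defineProperty;

// Hypothetical helper: fixed=false follows the setter quoted in the issue
// (define on every call); fixed=true defines only in the else branch.
function makeSetter(obj, name, fixed) {
  return function setter(newValue) {
    if (obj === this) {
      throw new TypeError('Cannot set virtually frozen property: ' + name);
    }
    const hasOwn = !!gopd(this, name);
    if (hasOwn) {
      this[name] = newValue;
    }
    if (!fixed || !hasOwn) {
      defProp(this, name, {
        value: newValue, writable: true, enumerable: true, configurable: true
      });
    }
  };
}

// Hypothetical harness: installs the accessor on a prototype, optionally gives
// a derived object its own 'x' with the given attributes (constructed sample
// data), runs the setter against it, and returns the resulting descriptor.
function trySet(fixed, ownAttrs) {
  const proto = {};
  defProp(proto, 'x', {
    get() { return 'inherited'; },
    set: makeSetter(proto, 'x', fixed),
    enumerable: true, configurable: false
  });
  const child = Object.create(proto);
  if (ownAttrs) defProp(child, 'x', Object.assign({ value: 1 }, ownAttrs));
  try {
    Reflect.set(proto, 'x', 2, child); // calls the setter with this === child
  } catch (e) {
    return { error: e.constructor.name };
  }
  return gopd(child, 'x');
}

const hidden = { writable: true, enumerable: false, configurable: true };
const pinned = { writable: true, enumerable: false, configurable: false };
console.log(trySet(false, hidden)); // own property is redefined as enumerable
console.log(trySet(true, hidden));  // attributes preserved, value updated
console.log(trySet(false, pinned)); // redefining a non-configurable property throws
console.log(trySet(true, pinned));  // plain assignment succeeds
```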