fix: remove bad usages of for-in and guard against it #22616
Conversation
|
I'm ✔️ on putting this in new releases, but before we backport this -- is this fixing some known existing problems? I think some of these objects being looped through are coming from users, e.g. extraHeaders is coming from the 'headers' property of the options object passed to ClientRequest's constructor. It's possible that some oddball app out in the wild works under Which is why I ask if this is fixing any known bugs. If this is a cleanliness PR, I don't see the upside in backporting. |
|
...or I could've just, you know, read the description and click through to #22615 to see what this fixes. Perhaps a more limited scope of changes in the backports? |
|
@ckerr Sending properties of the |
Co-Authored-By: Samuel Maddock <samuel.maddock@gmail.com>
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
0d18197 to
f9a123d
Compare
|
Release Notes Persisted
|
|
I have automatically backported this PR to "9-x-y", please check out #22727 |
|
I have automatically backported this PR to "8-x-y", please check out #22728 |
|
I have automatically backported this PR to "7-1-x", please check out #22729 |
* fix: remove bad usages of for-in and guard against it * Apply suggestions from code review Co-Authored-By: Samuel Maddock <samuel.maddock@gmail.com> * Apply suggestions from code review Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org> * Update remote.js Co-authored-by: Samuel Maddock <samuel.maddock@gmail.com> Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
for (... in ...)is a bad idea as it will pick up everything on the prototype as well not just keys on that object. Where appropriate I've replaced it withfor (const key of Object.keys...)and enabled the eslint rule that guards against it so that future occurrences to not slip through.Fixes #22615
Notes: fixed issue where mutating the global
Objectprototype could cause internal Electron logic to throw errors