From 8ca20673a5f540b4e02b5da8082181ef222778a3 Mon Sep 17 00:00:00 2001
From: Dan Abramov
Date: Wed, 1 Aug 2018 19:15:15 +0100
Subject: [PATCH] Fix SSR crash on a hasOwnProperty attribute
---
 .../src/__tests__/ReactServerRendering-test.js | 13 +++++++++++++
 .../react-dom/src/server/ReactPartialRenderer.js | 3 ++-
 packages/react-dom/src/shared/DOMProperty.js | 5 +++--
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/packages/react-dom/src/__tests__/ReactServerRendering-test.js b/packages/react-dom/src/__tests__/ReactServerRendering-test.js
index 9c6c8c29eea63..0e605f8c6ecc9 100644
--- a/packages/react-dom/src/__tests__/ReactServerRendering-test.js
+++ b/packages/react-dom/src/__tests__/ReactServerRendering-test.js
@@ -174,6 +174,19 @@ describe('ReactDOMServer', () => {
 (__DEV__ ? '\n in iframe (at **)' : ''),
 );
 });
+
+ it('should not crash on poisoned hasOwnProperty', () => {
+ let html;
+ expect(
+ () =>
+ (html = ReactDOMServer.renderToString(
+ +
,
+ )),
+ ).toWarnDev(['React does not recognize the `hasOwnProperty` prop']);
+ expect(html).toContain('');
+ });
 });
 describe('renderToStaticMarkup', () => {
diff --git a/packages/react-dom/src/server/ReactPartialRenderer.js b/packages/react-dom/src/server/ReactPartialRenderer.js
index 357eb8eb8ea5b..19bf9c94a7f23 100644
--- a/packages/react-dom/src/server/ReactPartialRenderer.js
+++ b/packages/react-dom/src/server/ReactPartialRenderer.js
@@ -349,6 +349,7 @@ function processContext(type, context) {
 return maskedContext;
 }
+const hasOwnProperty = Object.prototype.hasOwnProperty;
 const STYLE = 'style';
 const RESERVED_PROPS = {
 children: null,
@@ -368,7 +369,7 @@ function createOpenTagMarkup(
 let ret = '<' + tagVerbatim;
 for (const propKey in props) {
- if (!props.hasOwnProperty(propKey)) {
+ if (!hasOwnProperty.call(props, propKey)) {
 continue;
 }
 let propValue = props[propKey];
diff --git a/packages/react-dom/src/shared/DOMProperty.js b/packages/react-dom/src/shared/DOMProperty.js
index 31f222b978854..23a00b48a59bc 100644
--- a/packages/react-dom/src/shared/DOMProperty.js
+++ b/packages/react-dom/src/shared/DOMProperty.js
@@ -66,14 +66,15 @@ export const VALID_ATTRIBUTE_NAME_REGEX = new RegExp(
 '^[' + ATTRIBUTE_NAME_START_CHAR + '][' + ATTRIBUTE_NAME_CHAR + ']*$',
 );
+const hasOwnProperty = Object.prototype.hasOwnProperty;
 const illegalAttributeNameCache = {};
 const validatedAttributeNameCache = {};
 export function isAttributeNameSafe(attributeName: string): boolean {
- if (validatedAttributeNameCache.hasOwnProperty(attributeName)) {
+ if (hasOwnProperty.call(validatedAttributeNameCache, attributeName)) {
 return true;
 }
- if (illegalAttributeNameCache.hasOwnProperty(attributeName)) {
+ if (hasOwnProperty.call(illegalAttributeNameCache, attributeName)) {
 return false;
 }
 if (VALID_ATTRIBUTE_NAME_REGEX.test(attributeName)) {
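Review bot: The new test calls `ReactDOMServer.renderToString` only once, which likely exercises the `createOpenTagMarkup` change but not the cache lookups changed in `isAttributeNameSafe`. If that function stores validated names as keys on `validatedAttributeNameCache` (the assignment is outside the visible hunks), the old `.hasOwnProperty` call would only throw on a later lookup, once the name `hasOwnProperty` has itself been cached. Rendering the same element a second time in the test and asserting that it does not throw would pin both fixes. The JSX passed to the renderer is not readable on this page, so this is based on the visible calls only.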
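Review bot: The guard in `createOpenTagMarkup` would benefit from a short comment saying why it avoids `props.hasOwnProperty`, because the borrowed-method form looks like a candidate for later cleanup and prop keys may originate from objects the application spreads into an element. Something like `// props may define its own "hasOwnProperty"; never call methods looked up on it` above `if (!hasOwnProperty.call(props, propKey)) {` would do. The same `const hasOwnProperty = Object.prototype.hasOwnProperty;` is declared again in DOMProperty.js in this patch; a single shared export would keep the two from drifting. The function body starts and ends outside this hunk, so other property lookups on `props` are not visible here.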
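Review bot: `illegalAttributeNameCache` and `validatedAttributeNameCache` are still plain `{}` objects keyed by attribute name, so they keep inheriting from `Object.prototype` and every lookup has to remember to go through `hasOwnProperty.call`. Creating them as `const validatedAttributeNameCache = Object.create(null);` (and the same for the illegal cache) would take the prototype out of the picture, and a name such as `__proto__` would then behave like an ordinary key. The part of `isAttributeNameSafe` that writes to the caches is outside the hunk; if names are stored without a bound, it is worth checking whether attribute names derived from request data can grow these module-level objects indefinitely in a long-running server.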