|
|
|
|
|
|
by benmmurphy
196 days ago
|
|
|
I suspect the commit to fix is: https://github.com/facebook/react/commit/bbed0b0ee64b89353a4... and it looks like its been squashed with some other stuff to hide it or maybe there are other problems as well. this pattern appears 4 times and looks like it is reducing the functions that are exposed to the 'whitelist'. i presume the modules have dangerous functions in the prototype chain and clients were able to invoke them. - return moduleExports[metadata.name];
+ if (hasOwnProperty.call(moduleExports, metadata.name)) {
+ return moduleExports[metadata.name];
+ }
+ return (undefined: any);
|
|
|