marshal accepts getters that return functions #2436
Comments
warner
added a commit
that referenced
this issue
Feb 16, 2021
…ction
The prohibit-accessors check was improved by using `!('get' in descs[key])`.
This should catch properties with a setter but not a getter, which will have
a descriptor with `get: undefined`. Although this happens to be caught
elsewhere, (because such a property reads as a non-function, triggering the
"cannot serialize objects with non-methods" clause.
closes #2436
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
marshalis pretty tolerant about what "pass-by-reference" means: it allows properties to be named with strings or Symbols, and it allows both enumerable and non-enumerable properties. The only rule is that the property values must be functions.It looks like it was a little too lenient, and it accepts properties with getters, as long as those getters return a function. The problem is that the getter might return a function today, but not tomorrow.
The requirement is it tighten the rules by only allowing properties which are defined by values, and rejecting ones defined with a getter.
I've got a patch which improves the tests to cover this case, and reject it.
The text was updated successfully, but these errors were encountered: