Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HasOwnProperty check causes reactivity issues #34

Closed
Tofandel opened this issue Aug 15, 2024 · 0 comments · Fixed by #11
Closed

HasOwnProperty check causes reactivity issues #34

Tofandel opened this issue Aug 15, 2024 · 0 comments · Fixed by #11

Comments

@Tofandel
Copy link
Contributor

Here is a demo

https://play.vuejs.org/#eNp9VU1v20YQ/StjXkghLOUmPRSJlMIpckgPtdEavZhGwFBDaW1yl9hdSjYU/fe+2aVkxjaii5bz8ea9mVlyn1z0fbEdOHmfLFxtVe/JsR/6j6VWXW+spz1Zrmqvtpzj1ORUm64fPK/oQI01HaVIT0td6mbQiDNaEP6r2oEv/FXlN5n5dpdTj1NOWzHPaI9wP5/Tl4b8hoOPVoadTj3gta+UpgoWn4tf046prjTdDS7QC0kBqhAg1VB2JhiF0nU7rNhlaZHOxjKlR/0bcd/SMmZFs4VOC9qlPwj7QOgSyHanHLSipmao9IZc36pYNDBVWmy87lh7R5Ve0a5q70F3pyVohEJVrpFlmWnQXrWC2ChEC5BV642nvq1qDhVeiEIbgtixyjKULgKToE5iWmRpdpjFZSy2lKriaYylTNwKtvMP+FucsIqW9RoyfqFf4Xjz5tSnWPKeH5FzDL5Rt9H5rM708QYp0tuXtu/faS/NDR3+AeLmVOAVWreTSYXZRGZsrbHSCqxhtj+gBdEOsV2wxjXNIIfGYOTPPggCGnytOjaDz7IZLT+KZnq+qDGnCJVzSntrGtVy0Sjr/FdddZzCeg0VqYAecnp7fn4e8Sfbv2b/6THgSYm4BrkcwxUodeg3yZ6Du9gurK2k55k8zH6cMQLjnj5FFpZXQ81ZVg/WonPxbl1V1j8JI5JLEU9E/rFn09AYT2fLJaWRV4oRHaOO7iXcemjbiessDq1AR7wRtGJTucudvrKmZ+sfi7pq21f4xPxRsPxGLYNeMa4Cr6I9zHjiHoHCpRUcrCCC8rGXQH2+FG/RveNraZyvLEUxDnQc5B+TSZ6WJ4S8TH8a4gTo9Z2YhTkt5vH1iRcnHjx3uNue8US0WKltOBBpgFXtRV2zc+9pv4/sD4fFNztGnAqf3AeoBcg8oizmE+wkT7yDjkatiztnNN7iodVlInLA0172spOuTAAXC5QJZmV2fwWbt9j0o73ecH3/iv3OPYitTK4sO7ZbLpOTz1cWjKP7879/8wPOJ2dnVkOL6J84/2Fn2kE4xrBPWA3QnsQFtl/Ct0jp9bX7/OBZu6MoIRq3I+rGt+jPn0h/ovuu+C3kYZnQxa9btoKJBsJRvPs9OfwPJ2xysQ==

The issue is because of the hasOwnProperty check coming from the global Object prototype and not the Proxy one, the path which doesn't yet exist is never actually called on the proxy, which means vue has no way to track it

Replacing with !current.hasOwnProperty(pathPart) fixes the reactivity issue without introducing the vulnerability this code fixes

Thought?
@Tofandel Tofandel mentioned this issue Aug 15, 2024
Closed
@saibotk saibotk mentioned this issue Aug 18, 2024
Merged
@djfhe djfhe closed this as completed in #11 Aug 18, 2024
saibotk added a commit that referenced this issue Aug 22, 2024
@saibotk
fix(get): reactivity on proxy objects
c33e738 
Fixes #34

This is a backport of the change from the 2.x version. Thanks to @Tofandel for reporting the issue.

We simply just added a condition to the reduce code to actually touch the objects instead of only checking the path existence via the `hasOwnProperty` call.

This enables frameworks like Vue to properly track the reactivity on return values again.
saibotk added a commit that referenced this issue Aug 22, 2024
@saibotk
fix(get): reactivity on proxy objects
e921fc8 
Fixes #34

This is a backport of the change from the 2.x version. Thanks to @Tofandel for reporting the issue.

We simply just added a condition to the reduce code to actually touch the objects instead of only checking the path existence via the `hasOwnProperty` call.

This enables frameworks like Vue to properly track the reactivity on return values again.
@saibotk saibotk mentioned this issue Aug 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@Tofandel