Skip to content
This repository has been archived by the owner on Nov 29, 2023. It is now read-only.

Commit

Permalink
2.0.2 修复__proto__相关的bug
Browse files Browse the repository at this point in the history
  • Loading branch information
@bddjr
bddjr committed Jul 4, 2023
1 parent 591c600 commit 7b98609
Show file tree
Hide file tree
Showing 4 changed files with 75 additions and 33 deletions.
3 changes: 3 additions & 0 deletions .vscode/settings.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"js/ts.implicitProjectConfig.target": "ESNext"
}
34 changes: 17 additions & 17 deletions categorys/json.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ const {

/** @param {string} category_id */
module.exports = ( category_id )=>{ api.addBlocks([
{//2.0.0
{//2.0.2
opcode: `${category_id}.get`,
messageId: `${category_id}.get`,
categoryId: category_id,
Expand Down Expand Up @@ -71,7 +71,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
if( Array.isArray( keyslist ) ){
for( let i of keyslist ){
if( Array.isArray( i ) ){
if( Array.isArray(thisjson) && (+i[0])<0 ){
if( (+i[0])<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i[0] = thisjson.length + (+i[0]);
}
Expand All @@ -81,7 +81,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
if( i[1] ==='?.' && !thisjson )
break;
}else{
if( Array.isArray(thisjson) && (+i)<0 ){
if( (+i)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i = thisjson.length + (+i);
}
Expand All @@ -91,7 +91,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
}
}
}else{ // typeof keyslist === 'string'
if( Array.isArray(thisjson) && (+keyslist)<0 ){
if( (+keyslist)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
keyslist = thisjson.length + (+keyslist);
}
Expand All @@ -103,7 +103,7 @@ module.exports = ( category_id )=>{ api.addBlocks([

return returnType(
// 防止返回prototype里的函数
lastjson.hasOwnProperty(lastkey) ? thisjson : undefined ,
Object.hasOwn( lastjson, lastkey ) ? thisjson : undefined ,
args.return_type
);

Expand All @@ -113,7 +113,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
},
//======================================================================================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.set_value`,
messageId: `${category_id}.set_value`,
categoryId: category_id,
Expand Down Expand Up @@ -181,30 +181,30 @@ module.exports = ( category_id )=>{ api.addBlocks([
if( Array.isArray( keyslist ) ){
for( let i of keyslist ){
if( Array.isArray( i ) ){
if( Array.isArray(thisjson) && (+i[0])<0 ){
if( (+i[0])<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i[0] = thisjson.length + (+i[0]);
}
thisjson = thisjson[ i[0] ];
if( i[1] ==='?.' && !thisjson )
break;
}else{
if( Array.isArray(thisjson) && (+i)<0 ){
if( (+i)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i = thisjson.length + (+i);
}
setKey = i ;
}
}
}else{ // typeof keyslist === 'string'
if( Array.isArray(thisjson) && (+keyslist)<0 ){
if( (+keyslist)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
keyslist = thisjson.length + (+keyslist);
}
setKey = keyslist;
}
}
if( Array.isArray(thisjson) && (+setKey)<0 ){
if( (+setKey)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
setKey = thisjson.length + (+setKey);
}
Expand Down Expand Up @@ -284,7 +284,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
},
//======================================================================================================================
{//2.0.0
{//2.0.2
opcode: `${category_id}.hasOwnProperty`,
messageId: `${category_id}.hasOwnProperty`,
categoryId: category_id,
Expand All @@ -305,15 +305,15 @@ module.exports = ( category_id )=>{ api.addBlocks([
if( typeof thisjson !== 'object' )
thisjson = JSON.parse( thisjson );

return thisjson.hasOwnProperty( args.key );
return Object.hasOwn( thisjson, args.key )

}catch(e){
return my_log_block_error( util.currentBlock.id, util.currentBlock.opcode, e )
}
},
},
//======================================================================================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.deleteProperty`,
messageId: `${category_id}.deleteProperty`,
categoryId: category_id,
Expand Down Expand Up @@ -366,30 +366,30 @@ module.exports = ( category_id )=>{ api.addBlocks([
if( Array.isArray( keyslist ) ){
for( let i of keyslist ){
if( Array.isArray( i ) ){
if( Array.isArray(thisjson) && (+i[0])<0 ){
if( (+i[0])<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i[0] = thisjson.length + (+i[0]);
}
thisjson = thisjson[ i[0] ];
if( i[1] ==='?.' && !thisjson )
break;
}else{
if( Array.isArray(thisjson) && (+i)<0 ){
if( (+i)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
i = thisjson.length + (+i);
}
setKey = i ;
}
}
}else{ // typeof keyslist === 'string'
if( Array.isArray(thisjson) && (+keyslist)<0 ){
if( (+keyslist)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
keyslist = thisjson.length + (+keyslist);
}
setKey = keyslist;
}
}
if( Array.isArray(thisjson) && (+setKey)<0 ){
if( (+setKey)<0 && Array.isArray(thisjson) ){
// 兼容数组负数下标取值
setKey = thisjson.length + (+setKey);
}
Expand Down
31 changes: 23 additions & 8 deletions categorys/temp_var.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
}
},
//===========================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.set_value`,
messageId: `${category_id}.set_value`,
categoryId: category_id,
Expand All @@ -52,6 +52,9 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
function: (args,util)=>{
try{
if( args.name == '__proto__' ){
throw "Can not get or set __proto__ !";
}
if( !vm.bddjr_toolbox_v2_temp_var ){ //undefined
vm.bddjr_toolbox_v2_temp_var = {}
}
Expand Down Expand Up @@ -96,7 +99,11 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
function: (args,util)=>{
try{
if( vm.bddjr_toolbox_v2_temp_var?.hasOwnProperty( args.name ) ){
if(
vm.bddjr_toolbox_v2_temp_var
&&
Object.hasOwn( vm.bddjr_toolbox_v2_temp_var, args.name )
){
return vm.bddjr_toolbox_v2_temp_var[ args.name ];
}
//return undefined
Expand Down Expand Up @@ -131,7 +138,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
}
},
//===========================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.var_exist`,
messageId: `${category_id}.var_exist`,
categoryId: category_id,
Expand All @@ -144,7 +151,11 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
function: (args,util)=>{
try{
return !!vm.bddjr_toolbox_v2_temp_var?.hasOwnProperty( args.name );
return !!(
vm.bddjr_toolbox_v2_temp_var
&&
Object.hasOwn( vm.bddjr_toolbox_v2_temp_var, args.name )
);
}catch(e){
return my_log_block_error( util.currentBlock.id, util.currentBlock.opcode, e )
}
Expand Down Expand Up @@ -181,7 +192,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
}
},
//===========================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.set_sprite_var_value`,
messageId: `${category_id}.set_sprite_var_value`,
categoryId: category_id,
Expand Down Expand Up @@ -214,6 +225,9 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
function: (args,util)=>{
try{
if( args.name == '__proto__' ){
throw "Can not get or set __proto__ !";
}
let target = get_sprite_target( util, args.sprite_type, args.sprite_name );
if( !target.bddjr_toolbox_v2_temp_var ){ //undefined
target.bddjr_toolbox_v2_temp_var = {}
Expand Down Expand Up @@ -271,7 +285,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
function: (args,util)=>{
try{
let tv = get_sprite_target( util, args.sprite_type, args.sprite_name ).bddjr_toolbox_v2_temp_var;
if( tv?.hasOwnProperty( args.name ) ){
if( tv && Object.hasOwn( tv, args.name ) ){
return tv[ args.name ]
}
//return undefined
Expand Down Expand Up @@ -318,7 +332,7 @@ module.exports = ( category_id )=>{ api.addBlocks([
}
},
//===========================================================
{//2.0.1
{//2.0.2
opcode: `${category_id}.sprite_var_exist`,
messageId: `${category_id}.sprite_var_exist`,
categoryId: category_id,
Expand All @@ -342,7 +356,8 @@ module.exports = ( category_id )=>{ api.addBlocks([
},
function: (args,util)=>{
try{
return !!get_sprite_target( util, args.sprite_type, args.sprite_name ).bddjr_toolbox_v2_temp_var?.hasOwnProperty( args.name );
let tv = get_sprite_target( util, args.sprite_type, args.sprite_name ).bddjr_toolbox_v2_temp_var;
return !!( tv && Object.hasOwn( tv, args.name ) );
}catch(e){
return my_log_block_error( util.currentBlock.id, util.currentBlock.opcode, e )
}
Expand Down
40 changes: 32 additions & 8 deletions myjs/tools.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ function to_scratch_type(v){
module.exports.to_scratch_type = to_scratch_type;

//===========================================================
//2.0.0
//2.0.2

/**
*
Expand All @@ -85,28 +85,48 @@ module.exports.to_scratch_type = to_scratch_type;
function for_json_get_keys( keymode, keystr ){
if( typeof keystr === 'number' )
return keystr;

let anti__proto__ = "Can not get or set __proto__ !";
if( keymode === '.' ){
if( !keystr.includes('.') )
if( !keystr.includes('.') ){
if( keystr == '__proto__' ){
throw anti__proto__;
}
return keystr;

}
const outkeys = [];
let myslice_start = 0;
for( let i = 0 ; i < keystr.length ; i++ ){
if( keystr[i] !== '.' ) continue;
if( keystr[i] !== '.' ){
continue;
}
if( keystr[i-1] === '?' ){
let key = keystr.slice( myslice_start , i-1 );
if( key == '__proto__' ){
throw anti__proto__;
}
outkeys.push([
keystr.slice( myslice_start , i-1 ),
key,
'?.',
]);
}else{
let key = keystr.slice( myslice_start , i );
if( key == '__proto__' ){
throw anti__proto__;
}
outkeys.push([
keystr.slice( myslice_start , i ),
key,
'.',
]);
}
myslice_start = i+1 ;
}
outkeys.push( keystr.slice( myslice_start , keystr.length ) );
let key = keystr.slice( myslice_start );
if( key == '__proto__' ){
throw anti__proto__;
}
outkeys.push( key );

return outkeys;
}
if( keymode === 'Array' ){
Expand All @@ -115,7 +135,11 @@ function for_json_get_keys( keymode, keystr ){
thiskeystr = '[' + thiskeystr;
if( thiskeystr.slice(-1) !== ']' )
thiskeystr += ']';
return JSON.parse( thiskeystr );
let outkeys = JSON.parse( thiskeystr );
if( outkeys.includes('__proto__') ){
throw anti__proto__;
}
return outkeys;
}
throw 'Not allowed keymode!';
}
Expand Down

0 comments on commit 7b98609

Please sign in to comment.