Fix SSR crash on a hasOwnProperty attribute

gaearon · gaearon · commit d922ed2cf2fa · 2018-08-01T19:17:58.000+01:00
diff --git a/packages/react-dom/src/__tests__/ReactServerRendering-test.internal.js b/packages/react-dom/src/__tests__/ReactServerRendering-test.internal.js
@@ -174,6 +174,19 @@ describe('ReactDOMServer', () => {
           (__DEV__ ? '\n    in iframe (at **)' : ''),
       );
     });
+
+    it('should not crash on poisoned hasOwnProperty', () => {
+      let html;
+      expect(
+        () =>
+          (html = ReactDOMServer.renderToString(
+            <div hasOwnProperty="poison">
+              <span unknown="test" />
+            </div>,
+          )),
+      ).toWarnDev(['React does not recognize the `hasOwnProperty` prop']);
+      expect(html).toContain('<span unknown="test">');
+    });
   });
 
   describe('renderToStaticMarkup', () => {
diff --git a/packages/react-dom/src/server/ReactPartialRenderer.js b/packages/react-dom/src/server/ReactPartialRenderer.js
@@ -308,6 +308,7 @@ function processContext(type, context) {
   return maskedContext;
 }
 
+const hasOwnProperty = Object.prototype.hasOwnProperty;
 const STYLE = 'style';
 const RESERVED_PROPS = {
   children: null,
@@ -327,7 +328,7 @@ function createOpenTagMarkup(
   let ret = '<' + tagVerbatim;
 
   for (const propKey in props) {
-    if (!props.hasOwnProperty(propKey)) {
+    if (!hasOwnProperty.call(props, propKey)) {
       continue;
     }
     let propValue = props[propKey];
diff --git a/packages/react-dom/src/shared/DOMProperty.js b/packages/react-dom/src/shared/DOMProperty.js
@@ -66,14 +66,15 @@ export const VALID_ATTRIBUTE_NAME_REGEX = new RegExp(
   '^[' + ATTRIBUTE_NAME_START_CHAR + '][' + ATTRIBUTE_NAME_CHAR + ']*$',
 );
 
+const hasOwnProperty = Object.prototype.hasOwnProperty;
 const illegalAttributeNameCache = {};
 const validatedAttributeNameCache = {};
 
 export function isAttributeNameSafe(attributeName: string): boolean {
-  if (validatedAttributeNameCache.hasOwnProperty(attributeName)) {
+  if (hasOwnProperty.call(validatedAttributeNameCache, attributeName)) {
     return true;
   }
-  if (illegalAttributeNameCache.hasOwnProperty(attributeName)) {
+  if (hasOwnProperty.call(illegalAttributeNameCache, attributeName)) {
     return false;
   }
   if (VALID_ATTRIBUTE_NAME_REGEX.test(attributeName)) {

Original file line number	Diff line number	Diff line change
`@@ -308,6 +308,7 @@ function processContext(type, context) {`
`308`	`308`	`return maskedContext;`
`309`	`309`	`}`
`310`	`310`
	`311`	`+const hasOwnProperty = Object.prototype.hasOwnProperty;`
`311`	`312`	`const STYLE = 'style';`
`312`	`313`	`const RESERVED_PROPS = {`
`313`	`314`	`children: null,`
`@@ -327,7 +328,7 @@ function createOpenTagMarkup(`
`327`	`328`	`let ret = '<' + tagVerbatim;`
`328`	`329`
`329`	`330`	`for (const propKey in props) {`
`330`		`- if (!props.hasOwnProperty(propKey)) {`
	`331`	`+ if (!hasOwnProperty.call(props, propKey)) {`
`331`	`332`	`continue;`
`332`	`333`	`}`
`333`	`334`	`let propValue = props[propKey];`