[Flight] Enforce "simple object" rule in production (#27502)

sebmarkbage · sebmarkbage · commit a892e8a0c010 · 2023-10-11T16:24:03.000Z
We only allow plain objects that can be faithfully serialized and deserialized through JSON to pass through the serialization boundary. It's a bit too expensive to do all the possible checks in production so we do most checks in DEV, so it's still possible to pass an object in production by mistake. This is currently exaggerated by frameworks because the logs on the server aren't visible enough. Even so, it's possible to do a mistake without testing it in DEV or just testing a conditional branch. That might have security implications if that object wasn't supposed to be passed. We can't rely on only checking if the prototype is `Object.prototype` because that wouldn't work with cross-realm objects which is unfortunate. However, if it isn't, we can check wether it has exactly one prototype on the chain which would catch the common error of passing a class instance. DiffTrain build for commit e61a60f.
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-dev.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-dev.js
@@ -24770,7 +24770,7 @@ function createFiberRoot(
   return root;
 }
 
-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";
+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";
 
 // Might add PROFILE later.
 
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-prod.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-prod.js
@@ -8968,7 +8968,7 @@ var devToolsConfig$jscomp$inline_1008 = {
     throw Error("TestRenderer does not support findFiberByHostInstance()");
   },
   bundleType: 0,
-  version: "18.3.0-canary-1fc58281a-20231011",
+  version: "18.3.0-canary-e61a60fac-20231011",
   rendererPackageName: "react-test-renderer"
 };
 var internals$jscomp$inline_1201 = {
@@ -8999,7 +8999,7 @@ var internals$jscomp$inline_1201 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-canary-1fc58281a-20231011"
+  reconcilerVersion: "18.3.0-canary-e61a60fac-20231011"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1202 = __REACT_DEVTOOLS_GLOBAL_HOOK__;
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-profiling.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-profiling.js
@@ -9394,7 +9394,7 @@ var devToolsConfig$jscomp$inline_1050 = {
     throw Error("TestRenderer does not support findFiberByHostInstance()");
   },
   bundleType: 0,
-  version: "18.3.0-canary-1fc58281a-20231011",
+  version: "18.3.0-canary-e61a60fac-20231011",
   rendererPackageName: "react-test-renderer"
 };
 var internals$jscomp$inline_1242 = {
@@ -9425,7 +9425,7 @@ var internals$jscomp$inline_1242 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-canary-1fc58281a-20231011"
+  reconcilerVersion: "18.3.0-canary-e61a60fac-20231011"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1243 = __REACT_DEVTOOLS_GLOBAL_HOOK__;
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-dev.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-dev.js
@@ -27,7 +27,7 @@ if (
 }
           "use strict";
 
-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";
+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";
 
 // ATTENTION
 // When adding new symbols to this file,
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-prod.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-prod.js
@@ -580,4 +580,4 @@ exports.useSyncExternalStore = function (
 exports.useTransition = function () {
   return ReactCurrentDispatcher.current.useTransition();
 };
-exports.version = "18.3.0-canary-1fc58281a-20231011";
+exports.version = "18.3.0-canary-e61a60fac-20231011";
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-profiling.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-profiling.js
@@ -583,7 +583,7 @@ exports.useSyncExternalStore = function (
 exports.useTransition = function () {
   return ReactCurrentDispatcher.current.useTransition();
 };
-exports.version = "18.3.0-canary-1fc58281a-20231011";
+exports.version = "18.3.0-canary-e61a60fac-20231011";
 
           /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
 if (
diff --git a/compiled-rn/facebook-fbsource/xplat/js/react-native-github/Libraries/Renderer/REVISION b/compiled-rn/facebook-fbsource/xplat/js/react-native-github/Libraries/Renderer/REVISION
@@ -1 +1 @@
-1fc58281af73ca4507c41d53a3e08dc2038b0c1f
+e61a60fac02d205ad928bff6de2449f00646a92c

Original file line number	Diff line number	Diff line change
`@@ -24770,7 +24770,7 @@ function createFiberRoot(`
`24770`	`24770`	`return root;`
`24771`	`24771`	`}`
`24772`	`24772`
`24773`		`-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";`
	`24773`	`+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";`
`24774`	`24774`
`24775`	`24775`	`// Might add PROFILE later.`
`24776`	`24776`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ if (`
`27`	`27`	`}`
`28`	`28`	`"use strict";`
`29`	`29`
`30`		`-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";`
	`30`	`+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";`
`31`	`31`
`32`	`32`	`// ATTENTION`
`33`	`33`	`// When adding new symbols to this file,`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-1fc58281af73ca4507c41d53a3e08dc2038b0c1f`
	`1`	`+e61a60fac02d205ad928bff6de2449f00646a92c`