Skip to content

fix: try catch strict_equals to avoid error accessing STATE_SYMBOL #13216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 12, 2024
Merged

fix: try catch strict_equals to avoid error accessing STATE_SYMBOL #13216

merged 2 commits into from
Sep 12, 2024

Conversation

paoloricciuti
Copy link
Member

Svelte 5 rewrite

Closes #13214

I'm not 100% sure with this fix but i don't think we can really do much here...it's a very niche case because you are trying to access something where you can't check if STATE_SYMBOL is there without causing trouble in the first place.

But since it's no harm i guess we can just try catch it. No test for the moment but i actually just thought of a way to test this so i'm gonna try to write a test.

Please note that the Svelte codebase is currently being rewritten for Svelte 5. Changes should target Svelte 5, which lives on the default branch (main).

If your PR concerns Svelte 4 (including updates to svelte.dev.docs), please ensure the base branch is svelte-4 and not main.

Before submitting the PR, please make sure you do the following

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • Prefix your PR title with feat:, fix:, chore:, or docs:.
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests and linting

  • Run the tests with pnpm test and lint the project with pnpm lint

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 12, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 7a4c06c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
svelte Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

dummdidumm
dummdidumm approved these changes Sep 12, 2024
View reviewed changes
Copy link
Member

@dummdidumm dummdidumm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't think we need a test here - comment is enough

@Xerios
Copy link

Xerios commented Sep 12, 2024
edited
Loading

Thanks for the commit.

I wouldn't call this a niche case, these strict object restrictions are quite common for Isolated Web Apps (IWAs).
Depending on the sandboxing rules, there are plenty of other objects which would trigger same error in the same way (eg local/sessionStorage, idb, sharedworkers, cookies, clipboard api, etc...)

@dummdidumm dummdidumm merged commit 0b25e2b into main Sep 12, 2024
8 of 9 checks passed
@dummdidumm dummdidumm deleted the try-catch-strict-equals branch September 12, 2024 08:18
@github-actions github-actions bot mentioned this pull request Sep 12, 2024
Merged
@paoloricciuti paoloricciuti mentioned this pull request Sep 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dummdidumm dummdidumm dummdidumm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Svelte 5: generated strict_equals causes cross-origin iframe SecurityError due to get_proxied_value attempting to read a property on a secure context

3 participants

@paoloricciuti @Xerios @dummdidumm