fix: change the empty object in create_context to Object.create(null) #1397

Open
cyfung1031 wants to merge 1 commit into main from fix/createContext/change-to-no-prototype-object


cyfung1031 commented May 1, 2026

Checklist

  • Fixes mentioned issues
  • Code reviewed by human
  • Changes tested

Description

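This is a bit hard to take seriously, but I did run into this problem.
It happens when other scripts are injected into the environment first, for example by using @unwrap, or by another userscript manager, or by another browser extension inserting a page script directly.

After they perform the following Object.prototype hijacking,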

Object.defineProperty(Object.prototype, "test", {
    set(_newValue) {
        if (!this.testComplete) {
            // do Something
            this.testComplete = true;
        }
    },
    get() {
        return 1;
    }
});

In that case, if you directly use const desc = {}, and then

desc["test"] = {
    enumerable: true,
    configurable: true,
    value: 123,
    writable: true,
};

this will produce a testComplete: true in desc.

In the end Object.create fails and everything crashes completely.

The solution is to change {} to Object.create(null).

Screenshots

cyfung1031 added the labels bug (Something isn't working) and P0 🚑 (content that needs urgent handling) on May 1, 2026
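
The failure mode described in the PR can be reproduced in isolation. The following is an added example, not code from the PR or the project: `withHijackedPrototype`, `buildContext` and `demo` are hypothetical names, and the accessor is marked `configurable` only so the demo can remove it again.

```javascript
// Constructed hijack mirroring the one in the PR description.
function withHijackedPrototype(fn) {
  Object.defineProperty(Object.prototype, "test", {
    configurable: true, // assumption: lets this demo clean up afterwards
    set(_newValue) {
      // `this` is whatever object the assignment targeted
      if (!this.testComplete) this.testComplete = true;
    },
    get() { return 1; },
  });
  try {
    return fn();
  } finally {
    delete Object.prototype.test;
  }
}

// Hypothetical stand-in for the descriptor-building step in create_context.
function buildContext(makeDescMap) {
  const desc = makeDescMap();
  // With a {} map this assignment runs the inherited setter instead of
  // storing the descriptor; with a null-prototype map it is a plain store.
  desc["test"] = { enumerable: true, configurable: true, writable: true, value: 123 };
  return { ownKeys: Object.keys(desc), ctx: Object.create(null, desc) };
}

function demo() {
  return withHijackedPrototype(() => {
    const result = {};
    try {
      buildContext(() => ({}));
      result.plain = "ok";
    } catch (e) {
      // desc holds { testComplete: true }; `true` is not a valid descriptor
      result.plain = e instanceof TypeError ? "TypeError" : "other";
    }
    const safe = buildContext(() => Object.create(null));
    result.safeKeys = safe.ownKeys;
    result.safeValue = safe.ctx.test;
    return result;
  });
}

console.log(demo());
```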