Commit graph

3 commits

Author SHA1 Message Date
Trent Mick
e71890562e fix some test failures 2015-06-04 00:35:18 -07:00
Trent Mick
64b8fd1004 test cases for #182, style tweaks, changelog, etc. 2015-01-18 23:27:28 -08:00
Martin Gausby
c0ca774238 Defend against throwing defined props in stringify
If an object has a defined property, that is enumerable, and this
property throws an error, it will make JSON stringify throw an
error, and potentially bring down the program.

The solution so far is to try-catch with the usual json stringifyer,
that guards against circular references. If this throws an error
we will attempt to guard against defined properties; and return
[Throws] if a property throws an error when accesed.

The following examples illustrate the problem:

```js
var obj = {};
obj.__defineGetter__('foo', function() { throw new Error('ouch!'); });

JSON.stringify(obj.foo); // error thrown
```

And using `Object.defineProperty`:
```js
var obj = {};
Object.defineProperty(obj, 'foo', {
    get: function() { throw new Error('ouch!'); }
    enumerable: true // enumerable is false by default
});

JSON.stringify(obj.foo); // error thrown
```

The cases we have seen in production is third party modules that
has enumerable getters that try to access properties on undefined
objects.

Fixes #182.
2015-01-18 23:27:06 -08:00