Skip to content

Commit

Permalink
Reject Runtime.evaluate messages with the wrong contextId
Browse files Browse the repository at this point in the history 
Summary:
Changelog: [Internal]

Hermes:

Adds the missing `validateExecutionContext` call to `Runtime.evaluate`.

React Native:

Adds an integration test case to cover the expected behaviour around targeting `Runtime.evaluate` by execution context.

bypass-github-export-checks

Reviewed By: huntie

Differential Revision: D53776532

fbshipit-source-id: 66676383ba5b373fdbf2deb8c75f22791b07e300
  • Loading branch information
@motiz88 @facebook-github-bot
motiz88 authored and facebook-github-bot committed Feb 19, 2024
1 parent 3863a36 commit e7f86e3
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions API/hermes/inspector/chrome/CDPHandler.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1405,6 +1405,9 @@ void CDPHandlerImpl::handle(const m::runtime::EnableRequest &req) {
}

void CDPHandlerImpl::handle(const m::runtime::EvaluateRequest &req) {
if (!validateExecutionContext(req.id, req.contextId)) {
return;
}
{
pendingEvals_.push(
{req.id,
Expand Down

0 comments on commit e7f86e3

Please sign in to comment.