fix: text matching Object.prototype property names rendered as image #768
Open
rafaumeu wants to merge 1 commit into
…ercel#746) When text content exactly matched an Object.prototype property name (e.g. 'constructor', 'toString', 'valueOf'), the bracket-notation lookup graphemeImages[s] returned the inherited property instead of undefined, causing the text to be treated as an image reference. Fix: use Object.prototype.hasOwnProperty.call() before accessing the value in both isImage() and the rendering path.
Problem (#746)
When text content passed to Satori exactly matched an Object.prototype property name (e.g. "constructor", "toString", "valueOf"), the text was silently not rendered. Instead, an <image> element with an invalid href was emitted.

Root Cause
Two locations in src/text/index.ts used bracket-notation lookup on a user-provided graphemeImages object:
isImage(s) (line 122): graphemeImages[s] — when s is "constructor", this returns Object.prototype.constructor (a truthy function), so the text was incorrectly treated as an image.
Rendering path (line 558): graphemeImages[text] — same issue, returns the inherited property instead of undefined.

Fix
Use Object.prototype.hasOwnProperty.call() to check for own properties before accessing the value:

Testing
All 433 existing tests pass. The fix only affects edge cases where text exactly matches Object.prototype property names — normal usage is unaffected.
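
The lookup behaviour described in this pull request, as an added example that is not part of the PR or of Satori's source. The function names (isImageUnsafe, isImageSafe, resolveImage, misclassifiedNames, classify) and the sample graphemeImages map are assumptions made for illustration.

```javascript
// Constructed sample: a user-supplied grapheme-to-image map as a plain object literal.
const graphemeImages = { '🦄': 'https://example.com/unicorn.png' };

// Hypothetical "before" lookup: bracket notation walks the prototype chain,
// so inherited members such as Object.prototype.constructor look like entries.
function isImageUnsafe(images, s) {
  return !!images[s];
}

// Hypothetical "after" lookup: only own properties count. The check is called through
// Object.prototype so it still works when the map has its own "hasOwnProperty" key
// or was created with Object.create(null).
function isImageSafe(images, s) {
  return Object.prototype.hasOwnProperty.call(images, s) && !!images[s];
}

// Returns the image source for a segment, or undefined when it is ordinary text.
function resolveImage(images, s) {
  return Object.prototype.hasOwnProperty.call(images, s) ? images[s] : undefined;
}

// Lists every name inherited from Object.prototype that the unguarded lookup
// would treat as an image reference for the given map.
function misclassifiedNames(images) {
  return Object.getOwnPropertyNames(Object.prototype)
    .filter((name) => isImageUnsafe(images, name) && !isImageSafe(images, name))
    .sort();
}

// Classifies text segments with both lookups for side-by-side comparison.
function classify(images, segments) {
  return segments.map((s) => ({
    text: s,
    unsafe: isImageUnsafe(images, s),
    safe: isImageSafe(images, s),
  }));
}

// Constructed input: ordinary text, three inherited names, and one real entry.
const segments = ['hello', 'constructor', 'toString', 'valueOf', '🦄'];
console.table(classify(graphemeImages, segments));
console.log('misclassified by unguarded lookup:', misclassifiedNames(graphemeImages));
```
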