From 0b25e2be0ee0f680ec9a375ff74d2d35bfdc2a8c Mon Sep 17 00:00:00 2001
From: Paolo Ricciuti
Date: Thu, 12 Sep 2024 10:18:45 +0200
Subject: [PATCH] fix: try catch `strict_equals` to avoid error accessing `STATE_SYMBOL` (#13216)

Can error if trying to access something while in a secure context, like iframe, sandboxes, etc. Fixes #13214
---
 .changeset/late-geckos-draw.md | 5 +++++
 packages/svelte/src/internal/client/dev/equality.js | 10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 .changeset/late-geckos-draw.md

diff --git a/.changeset/late-geckos-draw.md b/.changeset/late-geckos-draw.md
new file mode 100644
index 0000000000..93c4fffc1d
--- /dev/null
+++ b/.changeset/late-geckos-draw.md
@@ -0,0 +1,5 @@
+---
+'svelte': patch
+---
+
+fix: try catch `strict_equals` to avoid error accessing `STATE_SYMBOL`
diff --git a/packages/svelte/src/internal/client/dev/equality.js b/packages/svelte/src/internal/client/dev/equality.js
index c1c392ba87..170f7baf95 100644
--- a/packages/svelte/src/internal/client/dev/equality.js
+++ b/packages/svelte/src/internal/client/dev/equality.js
@@ -78,9 +78,13 @@ export function init_array_prototype_warnings() {
 * @returns {boolean}
 */
 export function strict_equals(a, b, equal = true) {
- if ((a === b) !== (get_proxied_value(a) === get_proxied_value(b))) {
- w.state_proxy_equality_mismatch(equal ? '===' : '!==');
- }
+ // try-catch needed because this tries to read properties of `a` and `b`,
+ // which could be disallowed for example in a secure context
+ try {
+ if ((a === b) !== (get_proxied_value(a) === get_proxied_value(b))) {
+ w.state_proxy_equality_mismatch(equal ? '===' : '!==');
+ }
+ } catch {}
 
 return (a === b) === equal;
 }
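Review bot: The empty `catch {}` in `strict_equals` wraps the warning call as well as the two `get_proxied_value` reads, so any exception raised while emitting `w.state_proxy_equality_mismatch` would be dropped silently along with the access error this commit targets. Narrowing the `try` to the comparison and issuing the warning outside it keeps the best-effort behaviour without hiding unrelated failures. The new comment's "secure context" is also likely to mislead: on the web platform that term means an HTTPS-like origin, whereas the commit message's examples (iframes, sandboxes) suggest the throw comes from objects whose properties the current realm may not read, so `// property reads on a/b can throw, e.g. for a cross-origin object` would be more precise. Other helpers in this file that call `get_proxied_value` lie outside the hunk and may need the same guard.

```javascript
export function strict_equals(a, b, equal = true) {
	let mismatch = false;
	try {
		// property reads on a/b can throw, e.g. for a cross-origin object
		mismatch = (a === b) !== (get_proxied_value(a) === get_proxied_value(b));
	} catch {
		// dev-only diagnostic: skip the warning, the comparison below still runs
	}
	if (mismatch) {
		w.state_proxy_equality_mismatch(equal ? '===' : '!==');
	}
	// … unchanged: return (a === b) === equal …
```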