Fix cross-realm TypedArray and ArrayBuffer detection#20
Open
ItsChrisHickman wants to merge 1 commit intogreggman:mainfrom
Open
Fix cross-realm TypedArray and ArrayBuffer detection#20ItsChrisHickman wants to merge 1 commit intogreggman:mainfrom
ItsChrisHickman wants to merge 1 commit intogreggman:mainfrom
Conversation
isTypedArray used `v.buffer instanceof ArrayBuffer` which fails when the value originates from a different JavaScript realm (e.g. an iframe). Each realm has its own built-in constructors, so instanceof returns false for objects created in another realm. Replace with `ArrayBuffer.isView(v)` which is specified to work across realms. Apply the same cross-realm fix to isBufferSource using an Object.prototype.toString fallback for ArrayBuffer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
isTypedArrayandisBufferSourceuseinstanceof ArrayBufferchecks that silently fail when values cross JavaScript realm boundaries. This happens whenever WebGL content runs inside an iframe and receives buffers from the parent page (or vice versa) — each realm has its ownArrayBufferconstructor, soinstanceofreturnsfalsefor objects created in the other realm. This has as real world application for THREE.js applications with javascript SDKs that provide the ability add THREE based enhancements.The result is that
bufferDatacalls reject perfectly validTypedArrayandArrayBufferinputs with an "unsupported src type" error, even though the data is correct.Fix
isTypedArray: Replacev && v.buffer && v.buffer instanceof ArrayBufferwithArrayBuffer.isView(v). This is the spec-recommended way to check for TypedArrays and DataViews — it works across realms by design and is supported in all browsers since IE10.isBufferSource: Add anObject.prototype.toString.call(v) === '[object ArrayBuffer]'fallback alongside the existinginstanceofcheck. Theinstanceoffast path still covers same-realm buffers with zero overhead; the fallback only activates for cross-realm cases.Why this is safe
Both replacement APIs are strictly more correct than
instanceof:ArrayBuffer.isViewreturnstruefor the exact same set of types (all TypedArray variants + DataView) that the original duck-typing check targeted, but without the realm limitation.Object.prototype.toStringfallback is the standard pattern for cross-realm type detection used throughout the JS ecosystem (e.g. lodash, Node.js internals).