[Flight] Enforce "simple object" rule in production (#27502)

We only allow plain objects that can be faithfully serialized and deserialized through JSON to pass through the serialization boundary. It's a bit too expensive to do all the possible checks in production so we do most checks in DEV, so it's still possible to pass an object in production by mistake. This is currently exaggerated by frameworks because the logs on the server aren't visible enough. Even so, it's possible to do a mistake without testing it in DEV or just testing a conditional branch. That might have security implications if that object wasn't supposed to be passed. We can't rely on only checking if the prototype is `Object.prototype` because that wouldn't work with cross-realm objects which is unfortunate. However, if it isn't, we can check wether it has exactly one prototype on the chain which would catch the common error of passing a class instance. DiffTrain build for commit e61a60f.
facebook · Oct 11, 2023 · a892e8a · a892e8a
1 parent 492aa81
commit a892e8a
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 9 deletions.
diff --git a/...ook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-dev.js b/...ook-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-dev.js
@@ -24770,7 +24770,7 @@ function createFiberRoot(
   return root;
 }
 
-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";
+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";
 
 // Might add PROFILE later.
 

diff --git a/...ok-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-prod.js b/...ok-fbsource/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-prod.js
@@ -8968,7 +8968,7 @@ var devToolsConfig$jscomp$inline_1008 = {
     throw Error("TestRenderer does not support findFiberByHostInstance()");
   },
   bundleType: 0,
-  version: "18.3.0-canary-1fc58281a-20231011",
+  version: "18.3.0-canary-e61a60fac-20231011",
   rendererPackageName: "react-test-renderer"
 };
 var internals$jscomp$inline_1201 = {
@@ -8999,7 +8999,7 @@ var internals$jscomp$inline_1201 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-canary-1fc58281a-20231011"
+  reconcilerVersion: "18.3.0-canary-e61a60fac-20231011"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1202 = __REACT_DEVTOOLS_GLOBAL_HOOK__;

diff --git a/...source/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-profiling.js b/...source/xplat/js/RKJSModules/vendor/react-test-renderer/cjs/ReactTestRenderer-profiling.js
@@ -9394,7 +9394,7 @@ var devToolsConfig$jscomp$inline_1050 = {
     throw Error("TestRenderer does not support findFiberByHostInstance()");
   },
   bundleType: 0,
-  version: "18.3.0-canary-1fc58281a-20231011",
+  version: "18.3.0-canary-e61a60fac-20231011",
   rendererPackageName: "react-test-renderer"
 };
 var internals$jscomp$inline_1242 = {
@@ -9425,7 +9425,7 @@ var internals$jscomp$inline_1242 = {
   scheduleRoot: null,
   setRefreshHandler: null,
   getCurrentFiber: null,
-  reconcilerVersion: "18.3.0-canary-1fc58281a-20231011"
+  reconcilerVersion: "18.3.0-canary-e61a60fac-20231011"
 };
 if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
   var hook$jscomp$inline_1243 = __REACT_DEVTOOLS_GLOBAL_HOOK__;

diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-dev.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-dev.js
@@ -27,7 +27,7 @@ if (
 }
           "use strict";
 
-var ReactVersion = "18.3.0-canary-1fc58281a-20231011";
+var ReactVersion = "18.3.0-canary-e61a60fac-20231011";
 
 // ATTENTION
 // When adding new symbols to this file,

diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-prod.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-prod.js
@@ -580,4 +580,4 @@ exports.useSyncExternalStore = function (
 exports.useTransition = function () {
   return ReactCurrentDispatcher.current.useTransition();
 };
-exports.version = "18.3.0-canary-1fc58281a-20231011";
+exports.version = "18.3.0-canary-e61a60fac-20231011";
diff --git a/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-profiling.js b/compiled-rn/facebook-fbsource/xplat/js/RKJSModules/vendor/react/cjs/React-profiling.js
@@ -583,7 +583,7 @@ exports.useSyncExternalStore = function (
 exports.useTransition = function () {
   return ReactCurrentDispatcher.current.useTransition();
 };
-exports.version = "18.3.0-canary-1fc58281a-20231011";
+exports.version = "18.3.0-canary-e61a60fac-20231011";
 
           /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
 if (

diff --git a/compiled-rn/facebook-fbsource/xplat/js/react-native-github/Libraries/Renderer/REVISION b/compiled-rn/facebook-fbsource/xplat/js/react-native-github/Libraries/Renderer/REVISION
@@ -1 +1 @@
-1fc58281af73ca4507c41d53a3e08dc2038b0c1f
+e61a60fac02d205ad928bff6de2449f00646a92c
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		1fc58281af73ca4507c41d53a3e08dc2038b0c1f
		e61a60fac02d205ad928bff6de2449f00646a92c