babel: transform-es2015-typeof-symbol causes cross-domain error in IE
transform-es2015-typeof-symbol converts typeof foo to _typeof(foo) when typeof Symbol.iterator !== "symbol". _typeof is implemented as follows:
function _typeof(obj) {
  return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
}
That obj.constructor property lookup throws an error when it’s applied to a cross-domain window object. For example, typeof window.frames[0] transpiles to _typeof(window.frames[0]) which ends up calling window.frames[0].constructor, which triggers a cross-domain permission error.
Input Code
typeof window.frames[0];
"use strict";
var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; };
_typeof(window.frames[0]);
Babel Configuration (.babelrc, package.json, cli command)
{
"presets": [ "es2015" ]
}
Expected Behavior
_typeof should not try to access privileged properties on a cross-domain window object.
Current Behavior
_typeof tries to access privileged properties on a cross-domain window object.
Possible Solution
try/catch and fall back to typeof?
Context
Broke the following addition to post-robot, which allows sending messages to remote windows. We validate the passed window using typeof to ensure it’s at least an "object".
Your Environment
| software | version |
|---|---|
| Babel | 6 |
| node | 4 |
| npm | 3 |
| Operating System | Windows 7 / IE9-11 |
About this issue
- State: open
- Created 7 years ago
- Comments: 15 (6 by maintainers)
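
The failure described in this issue and the try/catch fallback it proposes can be reproduced outside IE. The following is an added example, not code from the issue or from Babel: `safeTypeof` and `makeDeniedWindow` are hypothetical names, and the Proxy is a constructed stand-in for a cross-domain window, assuming every property read on it throws.

```javascript
// Added example; runs in Node, no browser needed.
// Non-native branch of the helper, as quoted in the issue.
function typeofHelper(obj) {
  return obj && typeof Symbol === "function" && obj.constructor === Symbol &&
    obj !== Symbol.prototype ? "symbol" : typeof obj;
}

// Hypothetical guarded variant following the issue's "Possible Solution".
function safeTypeof(obj) {
  try {
    return typeofHelper(obj);
  } catch (err) {
    // The property read was denied. The typeof operator itself reads
    // no properties, so it is safe on an object we may not inspect.
    return typeof obj;
  }
}

// Constructed stand-in for a cross-domain window: any property read throws.
function makeDeniedWindow() {
  return new Proxy({}, {
    get(target, prop) {
      throw new Error("Permission denied: " + String(prop));
    },
  });
}

// Runs both helpers against the stand-in and against ordinary values.
function demo() {
  const remote = makeDeniedWindow();
  let helperError = null;
  try {
    typeofHelper(remote);
  } catch (err) {
    helperError = err.message; // the .constructor lookup is what throws
  }
  return {
    helperError,
    guarded: safeTypeof(remote),
    symbol: safeTypeof(Symbol("s")),
    nullValue: safeTypeof(null),
  };
}

console.log(demo());
```

Code that validates a window handle before messaging it, as in the post-robot case above, should treat any property read on that handle as something that can throw.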