diff --git a/modules/serialize/src/deserialize_factory.ts b/modules/serialize/src/deserialize_factory.ts index 1c1b0085f..b4c29cf33 100644 --- a/modules/serialize/src/deserialize_factory.ts +++ b/modules/serialize/src/deserialize_factory.ts @@ -197,7 +197,7 @@ export function deserializeFactory ( * @param encodedEncryptionContext Uint8Array */ function decodeEncryptionContext (encodedEncryptionContext: Uint8Array) { - const encryptionContext: EncryptionContext = {} + const encryptionContext: EncryptionContext = Object.create(null) /* Check for early return (Postcondition): The case of 0 length is defined as an empty object. */ if (!encodedEncryptionContext.byteLength) { return encryptionContext diff --git a/modules/serialize/test/deserialize_factory.test.ts b/modules/serialize/test/deserialize_factory.test.ts index 1e5c5850d..c0bf67e18 100644 --- a/modules/serialize/test/deserialize_factory.test.ts +++ b/modules/serialize/test/deserialize_factory.test.ts @@ -78,6 +78,17 @@ describe('deserializeFactory:decodeEncryptionContext', () => { expect(test).to.have.property('information') .and.to.eql('\u00bd + \u00bc = \u00be') }) + + it('Keys may be properties of Object.prototype, decodeEncryptionContext has to succeed', () => { + const { decodeEncryptionContext } = deserializeFactory(toUtf8, WebCryptoAlgorithmSuite) + + /* hasOwnProperty test vector */ + const encryptionContext = fixtures.hasOwnPropertyEncryptionContext().slice(2) + + const test = decodeEncryptionContext(encryptionContext) + expect(test).to.have.property('hasOwnProperty') + .and.to.eql('arbitraryValue') + }) }) describe('deserializeFactory:deserializeEncryptedDataKeys', () => { diff --git a/modules/serialize/test/fixtures.ts b/modules/serialize/test/fixtures.ts index 12efbc33e..7ce264ace 100644 --- a/modules/serialize/test/fixtures.ts +++ b/modules/serialize/test/fixtures.ts @@ -77,6 +77,10 @@ export function duplicateKeysEncryptionContext () { return new Uint8Array([ 0, 43, 0, 4, 0, 11, 105, 110, 102, 111, 114, 109, 97, 116, 105, 111, 110, 0, 12, 194, 189, 32, 43, 32, 194, 188, 32, 61, 32, 194, 190, 0, 11, 105, 110, 102, 111, 114, 109, 97, 116, 105, 111, 110, 0, 12, 194, 189, 32, 43, 32, 194, 188, 32, 61, 32, 194, 190, 0, 4, 115, 111, 109, 101, 0, 6, 112, 117, 98, 108, 105, 99, 0, 4, 115, 111, 109, 101, 0, 6, 112, 117, 98, 108, 105, 99 ]) } +export function hasOwnPropertyEncryptionContext () { + return new Uint8Array([ 0, 34, 0, 1, 0, 14, 104, 97, 115, 79, 119, 110, 80, 114, 111, 112, 101, 114, 116, 121, 0, 14, 97, 114, 98, 105, 116, 114, 97, 114, 121, 86, 97, 108, 117, 101 ]) +} + export function basicFrameIV () { return new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]) }