fix(runtime-core): prevent self-injection (#2424)

fix #2400
This commit is contained in:
Hunter 2020-10-20 08:45:48 +08:00 committed by GitHub
parent 314ab2c7c5
commit 111d04f119
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 2 deletions

View File

@ -303,4 +303,19 @@ describe('api: provide/inject', () => {
render(h(Provider), root)
expect(`injection "foo" not found.`).not.toHaveBeenWarned()
})
// #2400
it('should not self-inject', () => {
const Comp = {
setup() {
provide('foo', 'foo')
const injection = inject('foo', null)
return () => injection
}
}
const root = nodeOps.createElement('div')
render(h(Comp), root)
expect(serialize(root)).toBe(`<div><!----></div>`)
})
})

View File

@ -47,8 +47,15 @@ export function inject(
// a functional component
const instance = currentInstance || currentRenderingInstance
if (instance) {
const provides = instance.provides
if ((key as string | symbol) in provides) {
// #2400
// to support `app.use` plugins,
// fallback to appContext's `provides` if the intance is at root
const provides =
instance.parent == null
? instance.vnode.appContext && instance.vnode.appContext.provides
: instance.parent.provides
if (provides && (key as string | symbol) in provides) {
// TS doesn't allow symbol as index type
return provides[key as string]
} else if (arguments.length > 1) {