V8's CachedData source check hashes only the source length, so a preload edit that preserves byte length consumed the stale blob and ran the old bytecode.

Bind cache entries to sha256 of the source: the renderer ships the hash of what it compiled, the browser stores it in the cache entry and only serves a blob whose hash matches the contents it just read. Reject cache writes for preload ids not served to the sending frame.

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>

| | | |
|---|---|---|
| .. | ||
| app | ||
| browser | ||
| common | ||
| renderer | ||
| services/node | ||
| utility | ||