fix(babel-plugin-rn-stylename-to-style): more strict check for compilers used in the file

cray0000 · cray0000 · commit 777f1809aa91 · 2025-11-08T20:01:55.000+02:00
diff --git a/packages/babel-plugin-rn-stylename-inline/index.js b/packages/babel-plugin-rn-stylename-inline/index.js
@@ -28,9 +28,9 @@ const getVisitor = ({ $program, usedCompilers }) => ({
     if (!shouldProcess($this, usedCompilers)) return
 
     // I. validate template
-    validateTemplate($this, usedCompilers)
+    validateTemplate($this)
 
-    const compiler = usedCompilers[$this.node.tag.name]
+    const compiler = usedCompilers.get($this.node.tag.name)
 
     // II. compile template
     const source = $this.node.quasi.quasis[0]?.value?.raw || ''
@@ -90,13 +90,13 @@ function insertAfterImports ($program, expressionStatement) {
   }
 }
 
-function shouldProcess ($template, usedCompilers = {}) {
+function shouldProcess ($template, usedCompilers) {
   if (!$template.get('tag').isIdentifier()) return
-  if (!usedCompilers[$template.node.tag.name]) return
+  if (!usedCompilers.has($template.node.tag.name)) return
   return true
 }
 
-function validateTemplate ($template, usedCompilers = {}) {
+function validateTemplate ($template) {
   const { node: { quasi } } = $template
 
   if (quasi.expressions.length > 0) {
@@ -107,16 +107,17 @@ function validateTemplate ($template, usedCompilers = {}) {
 }
 
 function getUsedCompilers ($program, state) {
-  const res = {}
+  const res = new Map()
   const magicImports = state.opts.magicImports || DEFAULT_MAGIC_IMPORTS
   for (const $import of $program.get('body')) {
     if (!$import.isImportDeclaration()) continue
     if (!magicImports.includes($import.node.source.value)) continue
     for (const $specifier of $import.get('specifiers')) {
       if (!$specifier.isImportSpecifier()) continue
       const { local, imported } = $specifier.node
-      if (compilers[imported.name]) {
-        res[local.name] = compilers[imported.name]
+      // it's important to use hasOwnProperty here to avoid prototype pollution issues, like 'toString'
+      if (Object.prototype.hasOwnProperty.call(compilers, imported.name)) {
+        res.set(local.name, compilers[imported.name])
       }
     }
   }
diff --git a/packages/babel-plugin-rn-stylename-to-style/index.js b/packages/babel-plugin-rn-stylename-to-style/index.js
@@ -362,7 +362,7 @@ module.exports = function (babel) {
             CallExpression ($this, state) {
               const $callee = $this.get('callee')
               if (!$callee.isIdentifier()) return
-              if (!usedCompilers?.[$callee.node.name]) return
+              if (!usedCompilers.has($callee.node.name)) return
               // Create a `process` function call
               state.hasTransformedClassName = true
               const processCall = t.callExpression(
@@ -537,7 +537,7 @@ function findReactFnComponent ($jsxAttribute) {
 
 // Get compilers from the magic import
 function getUsedCompilers ($program, state) {
-  const res = {}
+  const res = new Map()
   const magicImports = state.opts.magicImports || DEFAULT_MAGIC_IMPORTS
   for (const $import of $program.get('body')) {
     if (!$import.isImportDeclaration()) continue
@@ -546,7 +546,7 @@ function getUsedCompilers ($program, state) {
       if (!$specifier.isImportSpecifier()) continue
       const { local, imported } = $specifier.node
       if (COMPILERS.includes(imported.name)) {
-        res[local.name] = true
+        res.set(local.name, true)
         $specifier.remove()
       }
     }
