[BUG FIX] fix memory leakage & object properties exposure & TTP xml parse fallback to null#1242
Open
cyfung1031 wants to merge 8 commits intoscriptscat:mainfrom
Open
[BUG FIX] fix memory leakage & object properties exposure & TTP xml parse fallback to null#1242cyfung1031 wants to merge 8 commits intoscriptscat:mainfrom
cyfung1031 wants to merge 8 commits intoscriptscat:mainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
此 PR 修复了 GM_xmlhttpRequest 中三个相关问题,以提高与 Tampermonkey 的兼容性、防止内存泄漏并在 Trusted Types Policy 环境中安全处理错误。
主要变更:
- 将
response、responseText和responseXML改为不可枚举的 getter(enumerable: false),匹配 Tampermonkey 行为,防止Object.assign或JSON.stringify意外触发 getter - 通过 WeakMap 管理内部状态,实现自动垃圾回收,解决闭包导致的内存泄漏
- 在 TTP 受限页面中,当
DOMParser.parseFromString()失败时,responseXML返回null而非抛出异常
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
src/app/service/content/gm_api/gm_xhr.ts |
核心修复:重构 XHR 响应对象创建逻辑,使用 WeakMap + 非枚举 getter,添加 DOMParser 错误处理,优化异步处理器以避免闭包泄漏 |
example/tests/gm_xhr_test.js |
添加 objectProps 测试辅助函数,验证响应对象属性不会通过 Object.assign 或 JSON.stringify 暴露内部状态 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes three closely related issues in the
GM_xmlhttpRequestimplementation to improve compatibility with Tampermonkey (TM), prevent memory leaks, and handle Trusted Types Policy (TTP) environments safely.Changes
Non-enumerable response getters
response,responseTextandresponseXMLare now defined with non-enumerable getters (enumerable: false), matching Tampermonkey behavior.This prevents
Object.assign({}, response),JSON.stringify(response), or similar operations from unintentionally triggering getters or exposing internal state.Memory leak fix via weak references
Internal state is now managed through a
WeakMap. Getters are attached lazily only afterreadyState === 4.This allows the garbage collector to reclaim memory once the consumer no longer references the response/XHR object, eliminating closure-induced leaks.
Safe fallback for responseXML in TTP-restricted pages
When
DOMParser.parseFromString()fails due to Trusted Types violations (or other parse errors),responseXMLnow returnsnullinstead of throwing.This matches Tampermonkey's observed behavior in restricted environments.
Related issues
#1239 is a combination symptom of #1240 + #1241 (only reproducible when both conditions are met)
Important notes