🐛 修复沙盒toString问题 #737

CodFrm · CodFrm · commit a4cefbc791fc · 2025-09-15T17:11:57.000+08:00
diff --git a/src/app/service/content/create_context.ts b/src/app/service/content/create_context.ts
@@ -104,17 +104,6 @@ const getAllPropertyDescriptors = (obj: any, callback: ForEachCallback<[string |
   }
 };
 
-// mySandbox 不进行with变量拦截
-const unscopables: Record<PropertyKey, any> = {
-  this: true,
-  arguments: true,
-  // "await": true,
-  // "define": true,
-  // "module": true,
-  // "exports": true,
-  [Symbol.unscopables]: true,
-};
-
 // 在 CacheSet 加入的propKeys将会在 mySandbox 实装阶段时设置
 const descsCache: Set<string | symbol> = new Set(["eval", "window", "self", "globalThis", "top", "parent"]);
 
@@ -174,6 +163,8 @@ descsCache.clear(); // 内存释放
 const sharedInitCopy = Object.create(null, {
   ...initOwnDescs,
   ...overridedDescs,
+  // Symbol.toStringTag设置为 Window
+  [Symbol.toStringTag]: { value: "Window", writable: false, enumerable: false, configurable: true },
 });
 
 type GMWorldContext = typeof globalThis & Record<PropertyKey, any>;
@@ -290,12 +281,6 @@ export const createProxyContext = <const Context extends GMWorldContext>(context
   // 把初始Copy加上特殊变量后，生成一份新Copy
   mySandbox = Object.create(Object.getPrototypeOf(sharedInitCopy), ownDescs);
 
-  // 用於避开 mySandbox 的with拦截
-  mySandbox[Symbol.unscopables] = {
-    ...(mySandbox[Symbol.unscopables] || {}),
-    ...unscopables,
-  };
-
   // 处理特殊关键字，不能穿越出沙盒，也不能被外部修改
   for (const key of ["define", "module", "exports"]) {
     mySandbox[key] = undefined;
diff --git a/src/app/service/content/exec_script.test.ts b/src/app/service/content/exec_script.test.ts
@@ -407,8 +407,23 @@ describe("沙盒环境测试", async () => {
   });
   // toString.call(window)返回的是'[object Object]',影响内容: https://github.com/scriptscat/scriptcat/issues/260
   it("toString.call(window)", () => {
-    expect(toString.call(_this)).toEqual(`[object ${tag}]`); // 与 global 一致
-    expect(toString.call(_this)).not.toEqual("[object Object]"); // 不是 [object Object]
+    expect(toString.call(_this)).toEqual(`[object Window]`);
+  });
+
+  // 与TM保持一致，toString返回global([object Window]) #737
+  it("toString", async () => {
+    scriptRes2.code = `return {
+      toStringThis: {}.toString.call(this),
+      toStringWindow: {}.toString.call(window),
+      toString: toString(),
+    }`;
+    sandboxExec.scriptFunc = compileScript(compileScriptCode(scriptRes2));
+    const ret = await sandboxExec.exec();
+    expect(ret).toEqual({
+      toStringThis: `[object Window]`,
+      toStringWindow: `[object Window]`,
+      toString: `[object ${tag}]`,
+    });
   });
 
   // Object.hasOwnProperty穿透 https://github.com/scriptscat/scriptcat/issues/272
