aboutsummaryrefslogtreecommitdiff
path: root/ext/wasm/api
diff options
context:
space:
mode:
Diffstat (limited to 'ext/wasm/api')
-rw-r--r--ext/wasm/api/sqlite3-api-oo1.js33
1 files changed, 26 insertions, 7 deletions
diff --git a/ext/wasm/api/sqlite3-api-oo1.js b/ext/wasm/api/sqlite3-api-oo1.js
index 425b52eec..06d1df43f 100644
--- a/ext/wasm/api/sqlite3-api-oo1.js
+++ b/ext/wasm/api/sqlite3-api-oo1.js
@@ -179,12 +179,30 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){
const pVfs = capi.sqlite3_js_db_vfs(pDb);
if(!pVfs) toss3("Internal error: cannot get VFS for new db handle.");
const postInitSql = __vfsPostOpenSql[pVfs];
- if(postInitSql instanceof Function){
- postInitSql(this, sqlite3);
- }else if(postInitSql){
- checkSqlite3Rc(
- pDb, capi.sqlite3_exec(pDb, postInitSql, 0, 0, 0)
- );
+ if(postInitSql){
+ if(capi.sqlite3_activate_see){
+ /**
+ In SEE-capable builds we have to avoid running any db
+ code before the client has an opportunity to apply their
+ decryption key. If we first run any db code, e.g. pragma
+ journal_mode=..., then it will fail with SQLITE_NOTADB
+ and the db handle will be left in an unusuable
+ state. Note that at this point we do not actually know
+ whether the db is encrypted, but if a client has gone out
+ of their way to create an SEE build, it seems safe to
+ assume that they are using the encryption.
+ */
+ sqlite3.config.warn(
+ "Disabling execution of on-open() db code "+
+ "because this is an SEE build. DB: "+fnJs
+ );
+ }else if(postInitSql instanceof Function){
+ postInitSql(this, sqlite3);
+ }else{
+ checkSqlite3Rc(
+ pDb, capi.sqlite3_exec(pDb, postInitSql, 0, 0, 0)
+ );
+ }
}
}catch(e){
this.close();
@@ -288,7 +306,8 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){
For purposes of passing a DB instance to C-style sqlite3
functions, the DB object's read-only `pointer` property holds its
`sqlite3*` pointer value. That property can also be used to check
- whether this DB instance is still open.
+ whether this DB instance is still open: it will evaluate to
+ `undefined` after the DB object's close() method is called.
In the main window thread, the filenames `":localStorage:"` and
`":sessionStorage:"` are special: they cause the db to use either