Navigation Menu

Skip to content

Commit

Permalink
Fixed prototype pollution. #6
Browse files Browse the repository at this point in the history
  • Loading branch information
@fabiocaccamo
fabiocaccamo committed Dec 6, 2021
1 parent 457473e commit 102efaf
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/utils/ObjectUtil.js
View file
Expand Up @@ -217,6 +217,9 @@ ObjectUtil = {
var cursor = obj;
for (var i = 0, j = keys.length; i < j; i++) {
key = keys[i];
if (key === '__proto__') {
break;
}
if (!TypeUtil.isObject(cursor[key])) {
cursor[key] = {};
}
Expand Down
5 changes: 5 additions & 0 deletions test/test_object.js
View file
Expand Up @@ -304,6 +304,11 @@ describe('object', function() {
f(o, 'e.f.g', 'ok 2');
test.assertEqual(o['e']['f']['g'], 'ok 2');
});
it('test prototype pollution', function() {
f(o, '__proto__.polluted', true);
test.assertUndefined(o['polluted']);
test.assertUndefined({}.polluted);
});
});
describe('length', function() {
var f = obj.length;
Expand Down

0 comments on commit 102efaf

Please sign in to comment.