fix(safeSet): prototype pollution #25
surunzi committed Sep 22, 2021
1 parent e923f01 commit daeebe2
Showing 2 changed files with 8 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/safeSet.js
Expand Up @@ -28,7 +28,7 @@
* ): void;
*/

_('castPath isUndef');
_('castPath isUndef toStr isSymbol isStr');

exports = function(obj, path, val) {
path = castPath(path, obj);
Expand All @@ -38,6 +38,10 @@ exports = function(obj, path, val) {

prop = path.shift();
while (!isUndef(prop)) {
// #25
if (!isStr(prop) && !isSymbol(prop)) {
prop = toStr(prop);
}
if (
prop === '__proto__' ||
prop === 'constructor' ||
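Review bot: The `// #25` comment above the new coercion gives an issue number but not the reason, so the guard is easy to drop by mistake in a later refactor. I would replace it with `// Normalise non-string keys before the blocklist check: ['__proto__'] !== '__proto__', yet it becomes that key when used as a property name (#25)`. The check is also only as good as `toStr`, which is defined outside this page: if it does not convert every value the way the engine converts a property key, the key that gets written can differ from what `obj[prop]` used before this change, so it is worth confirming for inputs such as `null`. The loop body continues past the end of the hunk, so the later use of `prop` is not visible here.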
3 changes: 3 additions & 0 deletions test/safeSet.js
Expand Up @@ -17,4 +17,7 @@ it('prototype pollution', function() {

safeSet({}, 'constructor.prototype.oops', 'It works!');
expect(a.oops).to.not.equal('It works!');

safeSet({}, [['__proto__'], 'oops'], 'It works!');
expect(a.oops).to.not.equal('It works!');
});
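Review bot: The added case wraps only `__proto__` in an array, while the guard in `src/safeSet.js` also rejects `constructor`, and an array-wrapped `constructor` goes through the same new coercion without being tested. A matching regression case would be `safeSet({}, [['constructor'], ['prototype'], 'oops'], 'It works!');` followed by the same `expect(a.oops).to.not.equal('It works!');`. `a` is declared above the hunk, so this assumes it is a plain object that inherits from `Object.prototype`.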
