Merge pull request from GHSA-3hw5-q855-g6cw

Prevent the special __proto__ property name from being mixed in to prevent polluting the prototoype of the object being mixed into in the jqMix function in jq.js
dojo · Mar 10, 2020 · 47d1b30 · 47d1b30
1 parent 5491eff
commit 47d1b30
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/jq.js b/jq.js
@@ -455,7 +455,7 @@ dojo.query differences that cause some tests to fail:
 			// inherited from Object.prototype.  For example, if obj has a custom
 			// toString() method, don't overwrite it with the toString() method
 			// that props inherited from Object.prototype
-			if((tobj[x] === undefined || tobj[x] != props[x]) && props[x] !== undefined && obj != props[x]){
+			if(x !== '__proto__ ' && ((tobj[x] === undefined || tobj[x] != props[x])) && props[x] !== undefined && obj != props[x]){
 				if(dojo.isObject(obj[x]) && dojo.isObject(props[x])){
 					if(dojo.isArray(props[x])){
 						obj[x] = props[x];