Skip to content

Commit

Permalink
Fix Prototype Pollution
Browse files Browse the repository at this point in the history
  • Loading branch information
alromh87 committed Oct 9, 2020
1 parent bf8b1ff commit c2f8454
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion dist/merge.browser.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/merge.browser.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ function _merge(isClone, isRecursive, items) {
if (!isPlainObject(item))
continue;
for (var key in item) {
if (key === '__proto__')
if (key === '__proto__' || key === 'constructor' || key === 'prototype')
continue;
var value = isClone ? clone(item[key]) : item[key];
result[key] = isRecursive ? _recursiveMerge(result[key], value) : value;
Expand Down
2 changes: 1 addition & 1 deletion lib/src/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ function _merge(isClone, isRecursive, items) {
if (!isPlainObject(item))
continue;
for (var key in item) {
if (key === '__proto__')
if (key === '__proto__' || key === 'constructor' || key === 'prototype')
continue;
var value = isClone ? clone(item[key]) : item[key];
result[key] = isRecursive ? _recursiveMerge(result[key], value) : value;
Expand Down
2 changes: 1 addition & 1 deletion src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ function _merge(isClone: boolean, isRecursive: boolean, items: any[]) {
continue

for (const key in item) {
if (key === '__proto__') continue
if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue
const value = isClone ? clone(item[key]) : item[key]
result[key] = isRecursive ? _recursiveMerge(result[key], value) : value
}
Expand Down

0 comments on commit c2f8454

Please sign in to comment.