Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent prototype pollution while parsing query strings on V1 #2523

Merged
merged 4 commits into from Sep 10, 2019
Merged

Prevent prototype pollution while parsing query strings on V1 #2523

merged 4 commits into from Sep 10, 2019

Conversation

Hunter-Dolan
Copy link

@Hunter-Dolan Hunter-Dolan commented Aug 29, 2019
edited

Description

This PR ports the changes made in #2494 for Mithril 2.x and above to Mithril 1.1.x.

Motivation and Context

How Has This Been Tested?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation change

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated docs/change-log.md

@project-bot project-bot bot added this to Needs triage in Triage/bugs Aug 29, 2019
@Hunter-Dolan Hunter-Dolan marked this pull request as ready for review August 29, 2019 14:34
@Hunter-Dolan Hunter-Dolan changed the title Prevent prototype pollution while parsing query strings Prevent prototype pollution while parsing query strings on V1 Aug 29, 2019
dead-claudia
dead-claudia reviewed Aug 29, 2019
View reviewed changes
docs/change-log.md Outdated Show resolved Hide resolved
dead-claudia
dead-claudia requested changes Aug 29, 2019
View reviewed changes
Copy link
Member

@dead-claudia dead-claudia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you make that one tweak to the changelog? That's my only nit.

@Hunter-Dolan @dead-claudia
Update docs/change-log.md
32ff6de 
Co-Authored-By: Isiah Meadows <contact@isiahmeadows.com>
@Hunter-Dolan
Copy link
Author

@isiahmeadows Great! All set on that, let me know if if there is anything else.

@dead-claudia dead-claudia moved this from Needs triage to High priority in Triage/bugs Sep 6, 2019
@dead-claudia
Copy link
Member

Sorry for the delay! Been a bit packed with stuff lately.

@dead-claudia dead-claudia merged commit b2b4800 into MithrilJS:v1_1_x Sep 10, 2019
Triage/bugs automation moved this from High priority to Closed Sep 10, 2019
@dead-claudia
Copy link
Member

Heads up, this change has been released in v1.1.7 alongside a small IE fix, but I'm still working on catching up the docs, putting together a quick announcement, and notifying npm to change their advisory.

@Hunter-Dolan Hunter-Dolan deleted the fix-querystring branch September 23, 2019 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dead-claudia dead-claudia dead-claudia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Triage/bugs
Closed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Hunter-Dolan @dead-claudia