Skip to content

Commit

Permalink
add runtime-only test case
Browse files Browse the repository at this point in the history
  • Loading branch information
@goto-bus-stop
goto-bus-stop committed Oct 24, 2019
1 parent 5514699 commit 6b7b960
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions test/eval.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,3 +106,18 @@ test('disallow accessing constructor or __proto__', function (t) {
var res = evaluate(ast, { vars: { object: someValue } });
t.equal(res, undefined);
});


test('constructor at runtime only', function(t) {
t.plan(1)

var src = '(function myTag(y){return ""[!y?"__proto__":"constructor"][y]})("constructor")("console.log(process.env)")()'
var ast = parse(src).body[0].expression;
var res = evaluate(ast);
t.equal(res, undefined);

var src = '(function(prop) { return {}[prop ? "benign" : "constructor"][prop] })("constructor")("alert(1)")()'
var ast = parse(src).body[0].expression;
var res = evaluate(ast);
t.equal(res, undefined);
});

0 comments on commit 6b7b960

Please sign in to comment.