Skip to content

Commit

Permalink
Merge pull request #1 from Asjidkalam/master
Browse files Browse the repository at this point in the history 
Fixed prototype pollution in mout
  • Loading branch information
@JamieSlome
JamieSlome committed Jan 14, 2021
2 parents 2189378 + bd18212 commit 397fa13
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/object/set.js
View file
Expand Up @@ -4,6 +4,10 @@ define(['./namespace'], function (namespace) {
* set "nested" object property
*/
function set(obj, prop, val){
// prototype pollution mitigation
if(prop.includes('__proto__') || prop.includes('prototype') || prop.includes('constructor')) {
return false;
}
var parts = (/^(.+)\.(.+)$/).exec(prop);
if (parts){
namespace(obj, parts[1])[parts[2]] = val;
Expand Down

0 comments on commit 397fa13

Please sign in to comment.