fix: dont pollute object proto #1
wdavidw committed Apr 25, 2021
1 parent fdeddcd commit cfd5fbf
Showing 8 changed files with 34 additions and 2 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,11 @@

# Changelog

## Trunk

* fix: dont pollute object proto #1
* chore: latest dependencies

## Version 0.5.0

* feat: support object with null prototype
6 changes: 5 additions & 1 deletion dist/mixme.cjs.js
Expand Up @@ -19,7 +19,7 @@ function _typeof(obj) {
}

// Generated by CoffeeScript 2.5.1
var _snake_case;
var _snake_case; exports.clone = void 0; exports.compare = void 0; exports.is_object = void 0; exports.is_object_literal = void 0; exports.merge = void 0; exports.mutate = void 0; exports.snake_case = void 0;

exports.merge = function merge() {
return exports.mutate.apply(void 0, [{}].concat(Array.prototype.slice.call(arguments)));
Expand Down Expand Up @@ -50,6 +50,10 @@ exports.mutate = function mutate() {
}

for (name in source) {
if (name === '__proto__') {
continue;
}

target[name] = exports.mutate(target[name], source[name]);
}
} else if (Array.isArray(source)) {
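--- a/dist/mixme.esm.js
+++ b/dist/mixme.esm.js
@@ -46,6 +46,10 @@ _mutate = function mutate() {
 }
 
 for (name in source) {
+if (name === '__proto__') {
+continue;
+}
+
 target[name] = _mutate(target[name], source[name]);
 }
 } else if (Array.isArray(source)) {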
6 changes: 5 additions & 1 deletion dist/mixme.umd.js
Expand Up @@ -21,7 +21,7 @@
}

// Generated by CoffeeScript 2.5.1
var _snake_case;
var _snake_case; exports.clone = void 0; exports.compare = void 0; exports.is_object = void 0; exports.is_object_literal = void 0; exports.merge = void 0; exports.mutate = void 0; exports.snake_case = void 0;

exports.merge = function merge() {
return exports.mutate.apply(void 0, [{}].concat(Array.prototype.slice.call(arguments)));
Expand Down Expand Up @@ -52,6 +52,10 @@
}

for (name in source) {
if (name === '__proto__') {
continue;
}

target[name] = exports.mutate(target[name], source[name]);
}
} else if (Array.isArray(source)) {
3 changes: 3 additions & 0 deletions lib/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

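--- a/src/index.coffee
+++ b/src/index.coffee
@@ -19,6 +19,7 @@ mutate = ->
 if is_object_literal source
 target = {} unless is_object_literal target
 for name of source
+continue if name is '__proto__'
 target[name] = mutate target[name], source[name]
 else if Array.isArray source
 target = for v in source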
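Review bot: The new `continue if name is '__proto__'` guard carries no comment explaining why the key is dropped, and it matches that one key name only. A short why-comment above it would help the next maintainer, for example `# skip '__proto__': recursing into target.__proto__ would reach the shared Object.prototype`. Whether the `constructor` and `prototype` keys need the same treatment depends on `is_object_literal` rejecting non-literal targets in `target = {} unless is_object_literal target`; its definition is outside the hunk, so a regression test for that case would settle it. The skip is also silent, so callers merging parsed JSON lose the key without notice, which deserves a line in the README. The body of mutate starts and ends outside the hunk.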
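--- a/test/merge.coffee
+++ b/test/merge.coffee
@@ -25,3 +25,8 @@ describe 'mixme.merge', ->
 .should.eql a: 1, b: 2, c: 0
 obj2
 .should.eql a: 1, c: 3, d: 4
+
+it 'dont merge proto', ->
+merge {}, JSON.parse '{"__proto__": {"polluted": "ohno"}}'
+obj = Object.create {}
+should(obj.polluted).be.Undefined()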
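Review bot: The 'dont merge proto' case has no cleanup, so if the guard ever regresses the `polluted` property stays on Object.prototype for the rest of the run and unrelated tests can fail after it. A cleanup hook such as `afterEach -> delete Object.prototype.polluted` keeps such a failure local to this case. The return value of `merge` is also discarded; asserting it, for example `merge({}, JSON.parse '{"__proto__": {"polluted": "ohno"}}').should.eql {}`, would pin that the key is dropped rather than copied. The input places `__proto__` at the top level only, so a second case with the key one level down would exercise the recursive call. The same points apply to the 'dont merge proto' case added in test/mutate.coffee.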
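--- a/test/mutate.coffee
+++ b/test/mutate.coffee
@@ -23,6 +23,12 @@ describe 'mutate', ->
 {...obj1}
 .should.eql { a: 'a value', b: 'b new', c: { d: 'd new', f: 'f value'}}
 
+it 'dont merge proto', ->
+src = {}
+mutate src, JSON.parse '{"__proto__": {"polluted": "ohno"}}'
+obj = Object.create {}
+should(obj.polluted).be.Undefined()
+
 describe '2nd arg not object', ->
 
 it 'object with string', ->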
