From c006ce9faa43d31edb34924f1df7b79c137096cf Mon Sep 17 00:00:00 2001
From: arjunshibu
Date: Mon, 23 Nov 2020 20:18:52 +0530
Subject: [PATCH] Fix prototype pollution vulnerability Closes #76
---
 pointer.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pointer.ts b/pointer.ts
index d5c5d57..d6fecfb 100644
--- a/pointer.ts
+++ b/pointer.ts
@@ -69,6 +69,9 @@ export class Pointer {
 for (let i = 1, l = this.tokens.length; i < l; i++) {
 parent = value
 key = this.tokens[i]
+ if (key == '__proto__' || key == 'constructor' || key == 'prototype') {
+ continue
+ }
 // not sure if this the best way to handle non-existant paths...
 value = (parent || {})[key]
 }
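Review bot: The added guard runs after `parent = value` and `key = this.tokens[i]` have already been assigned, so `continue` only skips the lookup on the following line; when the blocked name is the last token, the loop exits with `key` still holding it and `parent` still pointing at the live object. The code that consumes `parent` and `key` after the loop is outside this hunk, so it should be confirmed there that no assignment through `parent[key]` is reachable in that state. Skipping a token also makes the pointer resolve to a different location than the one requested instead of failing, so rejecting it is the safer behaviour, for example `throw new Error('pointer token not allowed: ' + key)` in place of `continue`. The loop starts at `i = 1`, which means token 0 is handled outside the hunk and presumably needs the same check. The loose `==` looks deliberate (it also matches a non-string token that stringifies to one of these names), and a short comment such as `// == on purpose: tokens may not be strings` would keep a later cleanup from tightening it to `===`.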