From 9b4bb68e5ca3f94d78d029d657ba3d8ba8eed600 Mon Sep 17 00:00:00 2001
From: arjunshibu
Date: Mon, 23 Nov 2020 20:18:52 +0530
Subject: [PATCH 1/3] fix for prototype pollution
---
 pointer.ts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pointer.ts b/pointer.ts
index d5c5d57..b32bd49 100644
--- a/pointer.ts
+++ b/pointer.ts
@@ -69,6 +69,8 @@ export class Pointer {
 for (let i = 1, l = this.tokens.length; i < l; i++) {
 parent = value
 key = this.tokens[i]
+ if (key == '__proto__' || key == 'constructor' || key == 'prototype')
+ continue;
 // not sure if this the best way to handle non-existant paths...
 value = (parent || {})[key]
 }
From 2e7266aa9442c38c06c09dfac9261f21aa1726ba Mon Sep 17 00:00:00 2001
From: Jamie Slome
Date: Wed, 10 Mar 2021 15:40:02 +0000
Subject: [PATCH 2/3] Update pointer.ts
---
 pointer.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pointer.ts b/pointer.ts
index b32bd49..d8f2c84 100644
--- a/pointer.ts
+++ b/pointer.ts
@@ -69,7 +69,7 @@ export class Pointer {
 for (let i = 1, l = this.tokens.length; i < l; i++) {
 parent = value
 key = this.tokens[i]
- if (key == '__proto__' || key == 'constructor' || key == 'prototype')
+ if (['__proto__', 'constructor', 'prototype'].includes(key))
 continue;
 // not sure if this the best way to handle non-existant paths...
 value = (parent || {})[key]
From 611c6f72c597f15adab1cf360c83e04a6ca7edbe Mon Sep 17 00:00:00 2001
From: Jamie Slome
Date: Thu, 11 Mar 2021 07:11:29 +0000
Subject: [PATCH 3/3] Update pointer.ts
---
 pointer.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pointer.ts b/pointer.ts
index d8f2c84..e1a5f7a 100644
--- a/pointer.ts
+++ b/pointer.ts
@@ -72,7 +72,7 @@ export class Pointer {
 if (['__proto__', 'constructor', 'prototype'].includes(key))
 continue;
 // not sure if this the best way to handle non-existant paths...
- value = (parent || {})[key]
+ value = parent?.[key]
 }
 return {parent, key, value}
 }
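Review bot: In PATCH 1/3 the new guard in the token loop skips a forbidden token with `continue` rather than rejecting the pointer, and it runs after `parent = value` and `key = this.tokens[i]` have already been assigned. When the forbidden name is the last token, the method therefore still returns it as `key` together with the object it was addressed on, and `value` is left stale (equal to `parent`); the callers that consume `{parent, key, value}` are outside this hunk, so whether any of them writes through `parent[key]` needs to be confirmed. A forbidden name in the middle of a path is silently dropped, so the pointer resolves to a different location than the one requested. Failing closed would be safer: test `this.tokens[i]` before the two assignments and either `throw new Error('Prohibited pointer token: ' + this.tokens[i])` or return an evaluation with `parent: null` so callers treat it as a missing path. The enclosing method starts above the hunk.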
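Review bot: In PATCH 2/3 the array literal `['__proto__', 'constructor', 'prototype']` is rebuilt on every loop iteration and the blocklist still has no name. Hoisting it to a module-level constant, for example `const FORBIDDEN_TOKENS = new Set(['__proto__', 'constructor', 'prototype'])` checked with `FORBIDDEN_TOKENS.has(key)`, keeps the list in one place for any other code path that needs the same check. The trailing `;` on `continue;` also differs from the semicolon-free style of the surrounding lines, and a brace-wrapped body would make the guard harder to break in a later edit.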
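Review bot: In PATCH 3/3 `parent?.[key]` is not equivalent to the `(parent || {})[key]` it replaces, because optional chaining short-circuits only on `null` and `undefined`. A falsy primitive parent such as `''`, `0` or `false` is now indexed directly and can yield built-in members (`''['length']` is `0`) where the old expression returned `undefined`. If that change is intended, the comment above the line about non-existent paths should say so. If lookups are meant to apply to containers only, `value = parent !== null && typeof parent === 'object' ? parent[key] : undefined` would make that explicit, though it is stricter than the original for non-empty strings. The lookup also still follows the prototype chain for any name outside the blocklist; an own-property check would close that, at the cost of changing what inherited keys resolve to.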