fix: check prototype property access in strict-mode (#1736)

nknapp · nknapp · commit b6d3de7123ee · 2021-02-13T13:41:40.000+01:00
diff --git a/lib/handlebars/runtime.js b/lib/handlebars/runtime.js
@@ -124,7 +124,7 @@ export function template(templateSpec, env) {
           loc: loc
         });
       }
-      return obj[name];
+      return container.lookupProperty(obj, name);
     },
     lookupProperty: function(parent, propertyName) {
       let result = parent[propertyName];
diff --git a/spec/security.js b/spec/security.js
@@ -298,6 +298,10 @@ describe('security issues', function() {
         checkProtoPropertyAccess({ compat: true });
       });
 
+      describe('in strict-mode', function() {
+        checkProtoPropertyAccess({ strict: true });
+      });
+
       function checkProtoPropertyAccess(compileOptions) {
         it('should be prohibited by default and log a warning', function() {
           var spy = sinon.spy(console, 'error');

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ export function template(templateSpec, env) {`
`124`	`124`	`loc: loc`
`125`	`125`	`});`
`126`	`126`	`}`
`127`		`- return obj[name];`
	`127`	`+ return container.lookupProperty(obj, name);`
`128`	`128`	`},`
`129`	`129`	`lookupProperty: function(parent, propertyName) {`
`130`	`130`	`let result = parent[propertyName];`