fix: prevent prototype polluting

TexteaInc · Jan 16, 2024 · 5474c87 · 5474c87
1 parent ec741f1
commit 5474c87
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/src/utils/index.ts b/src/utils/index.ts
@@ -82,6 +82,9 @@ export function deleteValue (input: any, path: (string | number)[], value: any)
 
   const [key, ...restPath] = path
   if (key !== undefined) {
+    if (key === '__proto__') {
+      throw new TypeError('Modification of prototype is not allowed')
+    }
     if (restPath.length > 0) {
       input[key] = deleteValue(input[key], restPath, value)
     } else {

diff --git a/tests/util.test.tsx b/tests/util.test.tsx
@@ -17,6 +17,13 @@ describe('function applyValue', () => {
     }).toThrow()
   })
 
+  test('prototype polluting', () => {
+    const original = {}
+    expect(() => {
+      applyValue(original, ['__proto__', 'polluted'], 1)
+    }).toThrow()
+  })
+
   test('undefined', () => {
     patches.forEach(patch => {
       const newValue = applyValue(undefined, [], patch)
@@ -101,6 +108,13 @@ describe('function deleteValue', () => {
     }).toThrow()
   })
 
+  test('prototype polluting', () => {
+    const original = {}
+    expect(() => {
+      deleteValue(original, ['__proto__', 'polluted'], 1)
+    }).toThrow()
+  })
+
   test('undefined', () => {
     patches.forEach(patch => {
       const newValue = deleteValue(undefined, [], patch)