NotificationsYou must be signed in to change notification settings
Fork40
Star178

Commit6ad6035

committed

Fix prototype pollution

1 parent6fc27c2 commit6ad6035Copy full SHA for 6ad6035

File tree

6 files changed

+47

-7

lines changed

6 files changed

+47

-7

lines changed

`‎LICENSE‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`The MIT License (MIT)`
`2`	`2`
`3`		`-Copyright (c) 2014 yeikos - http://www.yeikos.com`
	`3`	`+Copyright (c) 2014 yeikos`
`4`	`4`
`5`	`5`	`Permission is hereby granted, free of charge, to any person obtaining a copy`
`6`	`6`	`of this software and associated documentation files (the "Software"), to deal`

`‎bower.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name":"merge",`
`3`		`-"version":"1.2.0",`
	`3`	`+"version":"1.2.1",`
`4`	`4`	`"homepage":"https://github.com/yeikos/js.merge",`
`5`	`5`	`"authors": [`
`6`	`6`	`"yeikos <yeikos@gmail.com>"`

`‎merge.js‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*!`
`2`		`- *@name JavaScript/NodeJS Merge v1.2.0`
	`2`	`+ *@name JavaScript/NodeJS Merge v1.2.1`
`3`	`3`	`*@author yeikos`
`4`	`4`	`*@repository https://github.com/yeikos/js.merge`
`5`	`5`
`@@ -128,6 +128,8 @@`
`128`	`128`
`129`	`129`	`for(varkeyinitem){`
`130`	`130`
	`131`	`+if(key==='__proto__')continue;`
	`132`	`+`
`131`	`133`	`varsitem=clone ?Public.clone(item[key]) :item[key];`
`132`	`134`
`133`	`135`	`if(recursive){`

`‎merge.min.js‎`

Lines changed: 2 additions & 2 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎package.json‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name":"merge",`
`3`		`-"version":"1.2.0",`
`4`		`-"author":"yeikos (http://www.yeikos.com)",`
	`3`	`+"version":"1.2.1",`
	`4`	`+"author":"yeikos",`
`5`	`5`	`"description":"Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.",`
`6`	`6`	`"main":"merge.js",`
`7`	`7`	`"license":"MIT",`

`‎tests/tests.js‎`

Lines changed: 38 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,25 @@ test('merge', function() {`
`50`	`50`
`51`	`51`	`});`
`52`	`52`
	`53`	`+test('merge (prototype pollution attack)',function(){`
	`54`	`+`
	`55`	`+deepEqual(`
	`56`	`+`
	`57`	`+merge({},JSON.parse('{"__proto__": {"a": true}}')),`
	`58`	`+{}`
	`59`	`+`
	`60`	`+);`
	`61`	`+`
	`62`	`+deepEqual(`
	`63`	`+`
	`64`	`+{}.a,`
	`65`	`+`
	`66`	`+undefined`
	`67`	`+`
	`68`	`+);`
	`69`	`+`
	`70`	`+});`
	`71`	`+`
`53`	`72`	`test('merge (clone)',function(){`
`54`	`73`
`55`	`74`	`varinput={`
`@@ -143,6 +162,25 @@ test('merge.recursive', function() {`
`143`	`162`
`144`	`163`	`});`
`145`	`164`
	`165`	`+test('merge.recursive (prototype pollution attack)',function(){`
	`166`	`+`
	`167`	`+deepEqual(`
	`168`	`+`
	`169`	`+merge.recursive({},JSON.parse('{"__proto__": {"a": true}}')),`
	`170`	`+{}`
	`171`	`+`
	`172`	`+);`
	`173`	`+`
	`174`	`+deepEqual(`
	`175`	`+`
	`176`	`+{}.a,`
	`177`	`+`
	`178`	`+undefined`
	`179`	`+`
	`180`	`+);`
	`181`	`+`
	`182`	`+});`
	`183`	`+`
`146`	`184`	`test('merge.recursive (clone)',function(){`
`147`	`185`
`148`	`186`	`varinput={a:{b:1}};`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6ad6035

File tree

6 files changed

6 files changed

`‎LICENSE‎`

`‎bower.json‎`

`‎merge.js‎`

`‎merge.min.js‎`

`‎package.json‎`

`‎tests/tests.js‎`

0 commit comments