Skip to content

Commit

Permalink
fix: __proto__ copy
Browse files Browse the repository at this point in the history
  • Loading branch information
popomore committed Dec 31, 2021
1 parent ddefb57 commit 88078b8
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 4 deletions.
6 changes: 4 additions & 2 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
sudo: false

language: node_js
node_js:
- '4'
- '6'
- '7'
before_install:
- npm i npminstall -g
install:
- npm i npminstall && npminstall
- npminstall
script:
- npm run ci
after_script:
Expand Down
2 changes: 1 addition & 1 deletion appveyor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,6 @@ install:
test_script:
- node --version
- npm --version
- npm run ci
- npm run test

build: off
2 changes: 1 addition & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ module.exports = function extend() {
if (target === copy) continue;

// Recurse if we're merging plain objects
if (deep && copy && isPlainObject(copy)) {
if (deep && copy && isPlainObject(copy) && target.constructor !== Object) {
clone = src && isPlainObject(src) ? src : {};
// Never move original objects, clone them
target[name] = extend(deep, clone, copy);
Expand Down
10 changes: 10 additions & 0 deletions test/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -619,3 +619,13 @@ test('works without Array.isArray', function (t) {
Array.isArray = savedIsArray;
t.end();
});

test('fix __proto__ copy', function (t) {
var r = extend(true, {}, JSON.parse('{"__proto__": {"polluted": "yes"}}'));
t.deepEqual(
JSON.stringify(r),
'{}',
'It should not copy __proto__'
);
t.end();
});

0 comments on commit 88078b8

Please sign in to comment.