fix: __proto__ copy
popomore committed Dec 31, 2021
1 parent ddefb57 commit d9a525f
Showing 4 changed files with 17 additions and 3 deletions.
6 changes: 4 additions & 2 deletions .travis.yml
@@ -1,11 +1,13 @@
sudo: false

language: node_js
node_js:
- '4'
- '6'
- '7'
before_install:
- npm i npminstall -g
install:
- npm i npminstall && npminstall
- npminstall
script:
- npm run ci
after_script:
2 changes: 1 addition & 1 deletion appveyor.yml
@@ -11,6 +11,6 @@ install:
test_script:
- node --version
- npm --version
- npm run ci
- npm run test

build: off
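--- a/index.js
+++ b/index.js
@@ -47,6 +47,8 @@ module.exports = function extend() {
 
 // Extend the base object
 for (name in options) {
+if (name === '__proto__') continue;
+
 src = target[name];
 copy = options[name];
 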
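Review bot: The new guard in the `for (name in options)` loop skips only the literal key `__proto__`, so how a deep merge treats `constructor` and `prototype` keys still rests on the plain-object checks further down the loop, which are outside this hunk; confirm those reject a non-plain `src` before recursing, or extend the guard. The skip is also silent: a source object parsed from JSON with an own `__proto__` key loses that data with no signal to the caller. A comment above the check should say this is deliberate, e.g. `// Skip __proto__: assigning it would swap target's prototype (prototype pollution); the key is dropped on purpose`.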
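--- a/test/index.js
+++ b/test/index.js
@@ -619,3 +619,13 @@ test('works without Array.isArray', function (t) {
 Array.isArray = savedIsArray;
 t.end();
 });
+
+test('fix __proto__ copy', function (t) {
+var r = extend(true, {}, JSON.parse('{"__proto__": {"polluted": "yes"}}'));
+t.deepEqual(
+JSON.stringify(r),
+'{}',
+'It should not copy __proto__'
+);
+t.end();
+});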
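Review bot: The assertion in the new test compares only `JSON.stringify(r)` with `'{}'`, and JSON.stringify serialises own enumerable properties only, so it would still pass if the merge had written `polluted` onto `Object.prototype`. The test should check the shared prototype directly, for example `t.equal(({}).polluted, undefined, 'Object.prototype must not be polluted');`, and could also assert `t.notOk(Object.prototype.hasOwnProperty.call(r, '__proto__'), 'no own __proto__ key');`. If a regression ever did write to the prototype, later tests in the file would inherit it, so a `delete Object.prototype.polluted;` before `t.end()` keeps failures isolated.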
