From 7241013ae011a585983e176ddc0489a7a52f6bb0 Mon Sep 17 00:00:00 2001 From: Zack Date: Mon, 20 Jul 2020 17:22:42 -0700 Subject: [PATCH] (parser) use null prototype objects for languages/aliases (#2636) Fix: Discord uses getLanguage to validate that a language specified exists in highlightJS and retrieve metadata about the language for code block highlighting in chat. Because highlightJS returns prototype values instead of the highlight languages themselves, the result is a few different bugs in our clients which expect the return type to be only `Language | undefined`. --- CHANGES.md | 9 +++++++++ src/highlight.js | 4 ++-- test/api/getLanguage.js | 12 ++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 7dde7b4582..34a5e311b3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,12 @@ +## Version 10.1.2 + +Fixes: + +- fix(night) Prevent object prototype values from being returned by `getLanguage` (#2636) [night][] + +[night]: https://github.com/night + + ## Version 10.1.1 Fixes: diff --git a/src/highlight.js b/src/highlight.js index 4f98f38ea5..b16efe83a0 100644 --- a/src/highlight.js +++ b/src/highlight.js @@ -29,9 +29,9 @@ const HLJS = function(hljs) { // Global internal variables used within the highlight.js library. /** @type {Record} */ - var languages = {}; + var languages = Object.create(null); /** @type {Record} */ - var aliases = {}; + var aliases = Object.create(null); /** @type {HLJSPlugin[]} */ var plugins = []; diff --git a/test/api/getLanguage.js b/test/api/getLanguage.js index d2654a4f63..ae14ebb92e 100644 --- a/test/api/getLanguage.js +++ b/test/api/getLanguage.js @@ -41,4 +41,16 @@ describe('.getLanguage()', () => { result.should.have.property('aliases').with.containEql('cs'); should.strictEqual(result, hljs.getLanguage('csharp')) }); + + it('should not succeed for constructor', () => { + const result = hljs.getLanguage('constructor'); + + should.strictEqual(result, undefined); + }); + + it('should not succeed for __proto__', () => { + const result = hljs.getLanguage('__proto__'); + + should.strictEqual(result, undefined); + }); });