From a4ce724606340d86b802a0b6e47b1548b12b1033 Mon Sep 17 00:00:00 2001
From: d3v53c
Date: Thu, 17 Dec 2020 00:54:43 -0800
Subject: [PATCH] prototype pollution fix

---
 lib/index.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/index.js b/lib/index.js
index bfa467d..dd18e65 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -4,6 +4,16 @@ const iterateObject = require("iterate-object")
 , isUndefined = require("is-undefined")
 ;
+
+/**
+ * Returns true, if given key is included in the blacklisted
+ * keys.
+ * @param key key for check, string.
+ */
+function isPrototypePolluted(key) {
+ return ['__proto__', 'prototype', 'constructor'].includes(key);
+}
+
 
 /**
 * unflattenObject
 * Convert flatten objects in nested ones.
@@ -28,6 +38,8 @@ module.exports = function unflattenObject(flatten, separator) {
 ;
 
 iterateObject(subkeys, subkey => {
+ if (isPrototypePolluted(subkey)) return;
+
 parentObj[subkey] = isUndefined(parentObj[subkey])
 ? {}
 : parentObj[subkey]
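Review bot: The name `isPrototypePolluted` suggests it detects an object that is already polluted, but the body only tests whether one key string is on a fixed list; a name such as `isUnsafeKey` would describe what it does. The doc comment has no `@returns` line and leaves the parameter untyped; `@param {string} key - single path segment to test` and `@returns {boolean} true when the segment is __proto__, prototype or constructor` would cover both. The match is exact and case-sensitive, so it only works if the caller passes individual segments after splitting on the separator, and the comment should say so. Since `prototype` and `constructor` can also be ordinary data keys, the comment should note that such keys are intentionally refused.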
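Review bot: The `return` inside the `iterateObject(subkeys, subkey => {` callback skips only the blocked segment, so the remaining segments appear to be applied to the same `parentObj`. A constructed key such as `a.__proto__.b` would then be stored as `a.b` rather than rejected, and could overwrite a legitimate value at that path. Rejecting the whole flattened key before the descent starts, for example `if (subkeys.some(isPrototypePolluted)) return;` ahead of this loop (assuming `subkeys` is an array), avoids the silent rewrite. The guard also covers only the intermediate segments iterated here; the final segment is presumably assigned outside this hunk and should get the same check. The enclosing function starts and ends outside the hunk, so both points need confirming against the full file.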