diff --git a/dev/common.html b/dev/common.html
index 7d55a8fb..d6a398f0 100644
--- a/dev/common.html
+++ b/dev/common.html
@@ -93,6 +93,11 @@
vConsole.setOption('log.maxLogNumber', 20);
vConsole.setOption({ network: { maxNetworkNumber: 30 }});
vConsole.setOption({ network: { b: 123 }}); // overwrite previous line
+ vConsole.setOption({ '__proto__': { a: 1 }, 'prototype': { b: 2 }, 'constructor': 3 });
+ vConsole.setOption('__proto__.noOrig', 1);
+ vConsole.setOption('prototype.noOrig', 2);
+ vConsole.setOption('constructor', () => { console.log('hack') });
+ vConsole.setOption('log.__proto__.noOrig', 1);
console.log(vConsole.option);
}
diff --git a/src/core/core.ts b/src/core/core.ts
index 843db2bf..481504ab 100644
--- a/src/core/core.ts
+++ b/src/core/core.ts
@@ -517,21 +517,32 @@ export class VConsole {
* @example `setOption({ log: { maxLogNumber: 20 }})`: overwrite 'log' object.
*/
public setOption(keyOrObj: any, value?: any) {
+
if (typeof keyOrObj === 'string') {
// parse `a.b = val` to `a: { b: val }`
const keys = keyOrObj.split('.');
let opt: any = this.option;
- for (let i = 0; i < keys.length - 1; i++) {
+ for (let i = 0; i < keys.length; i++) {
+ if (keys[i] === '__proto__' || keys[i] === 'constructor' || keys[i] === 'prototype') {
+ console.debug(`[vConsole] Cannot set \`${keys[i]}\` in \`vConsole.setOption()\`.`);
+ return;
+ }
if (opt[keys[i]] === undefined) {
opt[keys[i]] = {};
}
+ if (i === keys.length - 1) {
+ opt[keys[i]] = value;
+ }
opt = opt[keys[i]];
}
- opt[keys[keys.length - 1]] = value;
this._triggerPluginsEvent('updateOption');
this._updateComponentByOptions();
} else if (tool.isObject(keyOrObj)) {
for (let k in keyOrObj) {
+ if (k === '__proto__' || k === 'constructor' || k === 'prototype') {
+ console.debug(`[vConsole] Cannot set \`${k}\` in \`vConsole.setOption()\`.`);
+ continue;
+ }
this.option[k] = keyOrObj[k];
}
this._triggerPluginsEvent('updateOption');