
check for __proto__

1 parent 72e96d9 commit 01e49b2a5490e10e08b8972cf11b4f0f533ab935 @dominictarr committed Jan 19, 2013
Showing with 38 additions and 9 deletions.
  1. +30 −8 doc.js
  2. +2 −0 row.js
  3. +4 −1 seq.js
  4. +2 −0 set.js
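--- a/doc.js
+++ b/doc.js
@@ -69,6 +69,8 @@ function Doc (id) {
 Doc.prototype.add = function (initial) {
 var id = initial.id === undefined ? createId() : initial.id
+ if(id === '__proto__')
+ throw new Error('__proto__ is illegial id')
 var r = this._add(id, 'local')
 r._set(initial, 'local')
 return r
@@ -78,6 +80,8 @@ Doc.prototype._add = function (id, source, change) {
 var doc = this
+ if(id === '__proto__')
+ throw new Error('__proto__ is illegial id')
 if(this.rows[id])
 return this.rows[id]
@@ -101,6 +105,8 @@ Doc.prototype.timeUpdated = function (row, key) {
 }
 Doc.prototype.set = function (id, change) {
+ if(id === '__proto__')
+ throw new Error('__proto__ is illegial id')
 var r = this._add(id, 'local', change)
 return r.set(change)
 }
@@ -121,11 +127,18 @@ Doc.prototype.applyUpdate = function (update, source) {
 //apply an update to a row.
 //take into account histroy.
 //and insert the change into the correct place.
+ if(!(Array.isArray(update[0])
+ && 'string' === typeof update[0][0]
+ )) return this.emit('invalid', new Error('invalid update'))
+
 var id = update[0][0]
 var changes = update[0][1]
 var timestamp = update[1]
 var from = update[2]
+ if(id === '__proto__')
+ return this.emit('invalid', new Error('__proto__ is illegial id'))
+
 var changed = {}
 var row = this._add(id, source)
@@ -138,12 +151,14 @@ Doc.prototype.applyUpdate = function (update, source) {
 // if(!row.validate(changes)) return
 for(var key in changes) {
- var value = changes[key]
- if(!hist[key] || order(hist[key], update) < 0) {
- if(hist[key]) this.emit('_remove', hist[key])
- hist[key] = update
- changed[key] = changes[key]
- emit = true
+ if(changes.hasOwnProperty(key)) {
+ var value = changes[key]
+ if(!hist[key] || order(hist[key], update) < 0) {
+ if(hist[key]) this.emit('_remove', hist[key])
+ hist[key] = update
+ changed[key] = changes[key]
+ emit = true
+ }
 }
 }
@@ -200,22 +215,29 @@ function _set(self, key, val, type) {
 Doc.prototype.createSet = function (key, val) {
+ if(key === '__proto__')
+ throw new Error('__proto__ is invalid key')
 return _set(this, key, val, Set)
 }
 Doc.prototype.createSeq = function (key, val) {
+ if(key === '__proto__')
+ throw new Error('__proto__ is invalid key')
 return _set(this, key, val, Seq)
 }
 Doc.prototype.toJSON = function () {
 var j = {}
- for (var k in this.rows)
- j[k] = this.rows[k].state
+ for (var k in this.rows) {
+ if(this.rows.hasOwnProperty(k))
+ j[k] = this.rows[k].state
+ }
 return j
 }
 //retrive a reference to a row.
 //if the row is not created yet, create
 Doc.prototype.get = function (id) {
+ if(id === '__proto__') throw new Error('__proto__ is illegal id')
 return this.rows[id] = this.rows[id] || this._add(new Row(id), 'local')
 }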
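Review bot: The loop over `changes` in `applyUpdate` still accepts a property named `__proto__`: the new guards reject it as a row id, but a key inside the change object is only filtered by `changes.hasOwnProperty(key)`, and on an object produced by `JSON.parse` that name is an own, enumerable property. `hist[key] = update` and `changed[key] = changes[key]` would then go through the `__proto__` setter of `hist` and `changed` instead of storing a value. Calling `hasOwnProperty` through `changes` also trusts the remote object to carry the inherited method; if the update supplies its own `hasOwnProperty` property, the call throws inside `applyUpdate`. I would skip the key explicitly and borrow the method, `if(key === '__proto__' || !Object.prototype.hasOwnProperty.call(changes, key)) continue`. `hist` is defined outside the hunk, so this assumes it is a plain object.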
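--- a/row.js
+++ b/row.js
@@ -18,6 +18,8 @@ function Row (id) {
 Row.prototype.set = function (changes, v) {
 if(arguments.length == 2) {
 var k = changes
+ if(k === '__proto__')
+ return this
 changes = {}
 changes[k] = v
 }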
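Review bot: The guard in `Row.prototype.set` covers only the two-argument form; when `changes` is passed as an object, nothing in the visible lines checks its keys, so a `__proto__` key inside that object still reaches whatever the rest of the function does with it (the body continues outside the hunk). The guard also returns `this` silently, while every other check in this commit throws or emits `invalid`, so a caller cannot tell that the write was dropped. I would throw here as well, `if(k === '__proto__') throw new Error('__proto__ is invalid key')`, and apply the same key check to the object form.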
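--- a/seq.js
+++ b/seq.js
@@ -25,7 +25,9 @@ function find (obj, iter) {
 }
 function Seq (doc, key, val) {
-
+ if(key == '__proto__')
+ throw new Error('__proto__ is invalid key')
+
 Set.call(this, doc, key, val)
 if (typeof key !== 'string') {
@@ -161,6 +163,7 @@ Seq.prototype.indexOf = function (obj) {
 }
 Seq.prototype.at = function (i) {
+ if('__proto__' === i) throw new Error('__proto__ invalid index')
 return this._array[i]
 }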
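Review bot: `Seq.prototype.at` rejects one property name but still passes any other value of `i` straight to `this._array[i]`, so names such as `length` or `constructor` return members of the array rather than an element. Since the argument is meant to be an index, an allow-list is tighter than the deny-list: accept only non-negative integers, e.g. `if(typeof i !== 'number' || i < 0 || i % 1 !== 0) return undefined`. This assumes `_array` is a plain array and that no caller passes numeric strings; both are outside the hunk. The constructor check uses `==` where the other files use `===`; if the looser match is intentional (it also catches values that stringify to `__proto__`), a comment saying so would help.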
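--- a/set.js
+++ b/set.js
@@ -51,6 +51,7 @@ function Set(doc, key, value) {
 key = null
 } else {
 //DO NOT CHANGE once you have created the set.
+ if(key === '__proto__') throw new Error('__proto__ is illegal key')
 this.key = key
 this.value = value
 }
@@ -141,6 +142,7 @@ Set.prototype.forEach = function (iter) {
 Set.prototype.get = function (id) {
 if(!arguments.length)
 return this.array
+ if(id === '__proto__') throw new Error('__proto__ is invalid id')
 return (
 'string' === typeof id ? this.rows[id]
 : 'number' === typeof id ? this.rows[id]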
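Review bot: `Set.prototype.get` looks ids up with `this.rows[id]`, and the new check excludes only `__proto__`; if `rows` is an ordinary object literal (its initialisation is outside the hunk), other inherited names such as `constructor` or `toString` resolve to `Object.prototype` members and are returned as if they were rows. An own-property test closes the whole class rather than one name: `Object.prototype.hasOwnProperty.call(this.rows, id) ? this.rows[id] : undefined`, or create `rows` with `Object.create(null)`. The same lookup pattern appears in `Doc.prototype._add` in doc.js (`if(this.rows[id]) return this.rows[id]`). The return expression continues past the end of the hunk.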
