Re-add the __proto__.polluted check that was removed by mistake

fabian-hiller · Sep 26, 2023 · b64323b · b64323b
1 parent c91cd6b
commit b64323b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/library/src/schemas/record/record.test.ts b/library/src/schemas/record/record.test.ts
@@ -151,6 +151,7 @@ describe('record', () => {
   test('should prevent prototype pollution', () => {
     const schema = record(string(), any());
     const input = JSON.parse('{"__proto__":{"polluted":"yes"}}');
+    expect(input.__proto__.polluted).toBe('yes');
     expect(({} as any).polluted).toBeUndefined();
     const output = parse(schema, input);
     expect(output.__proto__?.polluted).toBeUndefined();

diff --git a/library/src/schemas/record/recordAsync.test.ts b/library/src/schemas/record/recordAsync.test.ts
@@ -157,6 +157,7 @@ describe('recordAsync', () => {
   test('should prevent prototype pollution', async () => {
     const schema = recordAsync(string(), any());
     const input = JSON.parse('{"__proto__":{"polluted":"yes"}}');
+    expect(input.__proto__.polluted).toBe('yes');
     expect(({} as any).polluted).toBeUndefined();
     const output = await parseAsync(schema, input);
     expect(output.__proto__?.polluted).toBeUndefined();