Permalink
Browse files

skip assignment to __proto__

  • Loading branch information...
nlf committed Feb 6, 2018
1 parent dfadda7 commit 32ed5c9413321fbc37da5ca81a7cbab693786dee
Showing with 13 additions and 0 deletions.
  1. +4 −0 lib/index.js
  2. +9 −0 test/index.js
@@ -115,6 +115,10 @@ exports.merge = function (target, source, isNullOverride /* = true */, isMergeAr
const keys = Object.keys(source);
for (let i = 0; i < keys.length; ++i) {
const key = keys[i];
if (key === '__proto__') {
continue;
}
const value = source[key];
if (value &&
typeof value === 'object') {
@@ -585,6 +585,15 @@ describe('merge()', () => {
Hoek.merge({ x: {} }, a);
expect(a.x.toString()).to.equal('abc');
});
it('skips __proto__', () => {
const a = '{ "ok": "value", "__proto__": { "test": "value" } }';
const b = Hoek.merge({}, JSON.parse(a));
expect(b).to.equal({ ok: 'value' });
expect(b.test).to.equal(undefined);
});
});
describe('applyToDefaults()', () => {

0 comments on commit 32ed5c9

Please sign in to comment.