merge :Merge pull request #3 from hlfshell/fix/security_vuln
Fix: Security Vulnerability - check attr
hlfshell committed Oct 30, 2020
2 parents 7c0e7cb + fdfd063 commit 5a4b2e9
Showing 3 changed files with 898 additions and 2 deletions.
5 changes: 5 additions & 0 deletions index.js
@@ -41,7 +41,12 @@ module.exports = function(){
else result[item] = true;
});
} else {
allowedAttrs = Object.getOwnPropertyNames(obj2)
for(var attr in obj2){
//This is a safety check to prevent attr being specified as __proto__ or non object types
if(!allowedAttrs.includes(attr)){
continue
}
if(!result[attr]){
result[attr] = clone(obj2[attr]);
} else if(typeof result[attr] == 'object' && typeof obj2[attr] == 'object'){
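Review bot: The own-property check at `if(!allowedAttrs.includes(attr))` does not skip a `__proto__` key that is an own property of `obj2`, which is what `JSON.parse` produces for input containing that key, so such a key still reaches the `typeof result[attr] == 'object'` branch, where `result[attr]` presumably resolves to the prototype object. The guard should reject the dangerous names explicitly, for example `if(attr === '__proto__' || attr === 'constructor' || attr === 'prototype') continue;`, backed by a regression test that merges a `JSON.parse`d payload and asserts that a fresh `{}` gains no new property. `allowedAttrs` is also assigned without a declaration in the visible lines, which creates an implicit global (or throws in strict mode) unless it is declared outside the hunk; `var allowedAttrs = Object.getOwnPropertyNames(obj2)` keeps it local. The body of the merge branch continues outside the hunk, so what happens after the `typeof` test is inferred.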
