
Commit 753d591

authored
Core: Prevent Object.prototype pollution for $.extend( true, ... )
Closes gh-4333
1 parent 669f720 commit 753d591


2 files changed

+9
-1
lines changed


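--- a/src/core.js
+++ b/src/core.js
@@ -158,8 +158,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 for ( name in options ) {
 copy = options[ name ];
 
+// Prevent Object.prototype pollution
 // Prevent never-ending loop
-if ( target === copy ) {
+if ( name === "__proto__" || target === copy ) {
 continue;
 }
 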
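Review bot: The added comment `// Prevent Object.prototype pollution` names the outcome but not why this one key needs a guard, and the check sits before any deep-copy test visible in this hunk, so it appears to drop an own `__proto__` key in shallow `jQuery.extend` calls too, which the commit title does not mention. I would expand the comment to something like `// Skip "__proto__": JSON.parse can create it as an own key, and target[ name ] would then read the target's prototype` and record the shallow-call behaviour in the API documentation. The loop body continues outside the hunk, so whether any other key can reach a shared prototype through the recursive branch cannot be judged from here.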

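--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -1062,6 +1062,13 @@ QUnit.test( "jQuery.extend(true,{},{a:[], o:{}}); deep copy with array, followed
 assert.ok( !Array.isArray( result.object ), "result.object wasn't paved with an empty array" );
 } );
 
+QUnit.test( "jQuery.extend( true, ... ) Object.prototype pollution", function( assert ) {
+assert.expect( 1 );
+
+jQuery.extend( true, {}, JSON.parse( "{\"__proto__\": {\"devMode\": true}}" ) );
+assert.ok( !( "devMode" in {} ), "Object.prototype not polluted" );
+} );
+
 QUnit.test( "jQuery.each(Object,Function)", function( assert ) {
 assert.expect( 23 );
 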
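Review bot: The new test does not restore `Object.prototype` when its assertion fails, so a regression would leave `devMode` visible on every object and could cause unrelated failures in the tests that run afterwards; adding `delete Object.prototype.devMode;` after the assertion keeps such a failure contained. The test also exercises only a top-level `__proto__` key in a deep call. A second case with the key nested one level down, and one for a shallow call, would pin the guard on the recursive path and document the shallow behaviour; `assert.expect( 1 )` would need to be raised to match.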
