
Core: Prevent Object.prototype pollution for $.extend( true, ... )

Closes gh-4333
mgol committed Mar 25, 2019
1 parent 669f720 commit 753d591aea698e57d6db58c9f722cd0808619b1b
Showing with 9 additions and 1 deletion.
  1. +2 −1 src/core.js
  2. +7 −0 test/unit/core.js
@@ -158,8 +158,9 @@ jQuery.extend = jQuery.fn.extend = function() {
for ( name in options ) {
copy = options[ name ];

// Prevent Object.prototype pollution
// Prevent never-ending loop
if ( target === copy ) {
if ( name === "__proto__" || target === copy ) {
continue;
}
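Review bot: The two stacked comments above the combined condition in the `for ( name in options )` loop do not say why the `__proto__` key is skipped, so a later reader could drop the check as redundant. I would reword them along the lines of `// Skip "__proto__": JSON.parse can create it as an own key, and a deep merge into it would modify Object.prototype` and `// Skip self-references to prevent a never-ending loop`. The guard runs before any deep/shallow distinction visible in this hunk, so it presumably also drops an own `__proto__` key from shallow copies; that silent behaviour change deserves a mention in the API documentation. The body of jQuery.extend starts and ends outside the hunk.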

@@ -1062,6 +1062,13 @@ QUnit.test( "jQuery.extend(true,{},{a:[], o:{}}); deep copy with array, followed
assert.ok( !Array.isArray( result.object ), "result.object wasn't paved with an empty array" );
} );

QUnit.test( "jQuery.extend( true, ... ) Object.prototype pollution", function( assert ) {
assert.expect( 1 );

jQuery.extend( true, {}, JSON.parse( "{\"__proto__\": {\"devMode\": true}}" ) );
assert.ok( !( "devMode" in {} ), "Object.prototype not polluted" );
} );

QUnit.test( "jQuery.each(Object,Function)", function( assert ) {
assert.expect( 23 );
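Review bot: If the guard in src/core.js ever regresses, the new test leaves `devMode` on Object.prototype, and every later test in the same run inherits it, so failures would show up far from the real cause. Adding `delete Object.prototype.devMode;` after the assertion keeps the failure local and is a no-op while the fix holds. The test also exercises only a top-level `__proto__` key; a second assertion with the key one level down, for example `{"a": {"__proto__": {"devMode": true}}}`, would confirm that the recursive call is guarded too.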
