fix: mitigate prototype pollution

mout · Jun 22, 2022 · 0892a37 · 0892a37
1 parent ed23d74
commit 0892a37
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/object/set.js b/src/object/set.js
@@ -4,15 +4,16 @@ define(['./namespace'], function (namespace) {
      * set "nested" object property
      */
     function set(obj, prop, val){
+        var stringifiedProp = prop.toString();
         // prototype pollution mitigation
-        if(prop.includes('__proto__') || prop.includes('prototype') || prop.includes('constructor')) {
+        if(stringifiedProp.includes('__proto__') || stringifiedProp.includes('prototype') || stringifiedProp.includes('constructor')) {
             return false;
         }
-        var parts = (/^(.+)\.(.+)$/).exec(prop);
+        var parts = (/^(.+)\.(.+)$/).exec(stringifiedProp);
         if (parts){
             namespace(obj, parts[1])[parts[2]] = val;
         } else {
-            obj[prop] = val;
+            obj[stringifiedProp] = val;
         }
     }