fix(core): fixed __proto__ pollution
nolimits4web committed Mar 29, 2021
1 parent c19ecaf commit ec358de
Showing 5 changed files with 52 additions and 39 deletions.
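--- a/src/angular/src/utils/utils.ts
+++ b/src/angular/src/utils/utils.ts
@@ -8,20 +8,23 @@ export function isObject(o) {
 }
 
 export function extend(target, src) {
-Object.keys(src).forEach((key) => {
-if (typeof target[key] === 'undefined') {
-target[key] = src[key];
-return;
-}
-if (target[key] && !src[key]) {
-return;
-}
-if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
-extend(target[key], src[key]);
-} else {
-target[key] = src[key];
-}
-});
+const noExtend = ['__proto__', 'constructor', 'prototype'];
+Object.keys(src)
+.filter((key) => noExtend.indexOf(key) < 0)
+.forEach((key) => {
+if (typeof target[key] === 'undefined') {
+target[key] = src[key];
+return;
+}
+if (target[key] && !src[key]) {
+return;
+}
+if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
+extend(target[key], src[key]);
+} else {
+target[key] = src[key];
+}
+});
 }
 
 export function coerceBooleanProperty(value: any): boolean {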
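Review bot: The key-name filter is the only guard in the new `extend`: `typeof target[key] === 'undefined'` and the later `extend(target[key], src[key])` still read `target[key]` through the prototype chain, so an object-valued property that `target` merely inherits would be merged into in place and the change would show up on every object sharing that prototype. Treating inherited keys as absent makes the protection independent of the list, e.g. `if (!Object.prototype.hasOwnProperty.call(target, key) || typeof target[key] === 'undefined') {`. The same pattern is in the copies in src/react/utils.js, src/svelte/utils.js and src/vue/utils.js. Whether any caller relies on merging into inherited defaults is not visible from this hunk, so that should be confirmed before changing it.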
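--- a/src/react/utils.js
+++ b/src/react/utils.js
@@ -8,14 +8,17 @@ function isObject(o) {
 }
 
 function extend(target, src) {
-Object.keys(src).forEach((key) => {
-if (typeof target[key] === 'undefined') target[key] = src[key];
-else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
-extend(target[key], src[key]);
-} else {
-target[key] = src[key];
-}
-});
+const noExtend = ['__proto__', 'constructor', 'prototype'];
+Object.keys(src)
+.filter((key) => noExtend.indexOf(key) < 0)
+.forEach((key) => {
+if (typeof target[key] === 'undefined') target[key] = src[key];
+else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
+extend(target[key], src[key]);
+} else {
+target[key] = src[key];
+}
+});
 }
 
 function needsNavigation(params = {}) {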
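--- a/src/svelte/utils.js
+++ b/src/svelte/utils.js
@@ -8,14 +8,17 @@ function isObject(o) {
 }
 
 function extend(target, src) {
-Object.keys(src).forEach((key) => {
-if (typeof target[key] === 'undefined') target[key] = src[key];
-else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
-extend(target[key], src[key]);
-} else {
-target[key] = src[key];
-}
-});
+const noExtend = ['__proto__', 'constructor', 'prototype'];
+Object.keys(src)
+.filter((key) => noExtend.indexOf(key) < 0)
+.forEach((key) => {
+if (typeof target[key] === 'undefined') target[key] = src[key];
+else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
+extend(target[key], src[key]);
+} else {
+target[key] = src[key];
+}
+});
 }
 
 function needsNavigation(params = {}) {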
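--- a/src/utils/utils.js
+++ b/src/utils/utils.js
@@ -94,10 +94,11 @@ function isObject(o) {
 }
 function extend(...args) {
 const to = Object(args[0]);
+const noExtend = ['__proto__', 'constructor', 'prototype'];
 for (let i = 1; i < args.length; i += 1) {
 const nextSource = args[i];
 if (nextSource !== undefined && nextSource !== null) {
-const keysArray = Object.keys(Object(nextSource)).filter((key) => key !== '__proto__');
+const keysArray = Object.keys(Object(nextSource)).filter((key) => noExtend.indexOf(key) < 0);
 for (let nextIndex = 0, len = keysArray.length; nextIndex < len; nextIndex += 1) {
 const nextKey = keysArray[nextIndex];
 const desc = Object.getOwnPropertyDescriptor(nextSource, nextKey);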
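Review bot: `noExtend` here is one of five copies of the same literal list in this commit, and the removed line shows how such copies drift: this core helper already skipped `__proto__` while the old `extend` in the framework wrappers filtered nothing. Define the list once at module scope with a comment, e.g. `// keys that can reach a prototype object; never copied from a source`, and, if the build allows it, have the wrappers import it or reuse this `extend`, so the next change to the list lands in one place. Hoisting it also stops the array being rebuilt on every call. The body of `extend` runs past the end of the hunk, so whether nested objects are merged through this same filter is not visible here.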
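--- a/src/vue/utils.js
+++ b/src/vue/utils.js
@@ -8,14 +8,17 @@ function isObject(o) {
 }
 
 function extend(target, src) {
-Object.keys(src).forEach((key) => {
-if (typeof target[key] === 'undefined') target[key] = src[key];
-else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
-extend(target[key], src[key]);
-} else {
-target[key] = src[key];
-}
-});
+const noExtend = ['__proto__', 'constructor', 'prototype'];
+Object.keys(src)
+.filter((key) => noExtend.indexOf(key) < 0)
+.forEach((key) => {
+if (typeof target[key] === 'undefined') target[key] = src[key];
+else if (isObject(src[key]) && isObject(target[key]) && Object.keys(src[key]).length > 0) {
+extend(target[key], src[key]);
+} else {
+target[key] = src[key];
+}
+});
 }
 
 function needsNavigation(props = {}) {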
