Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: prototype pollution fix #1
  • Loading branch information
tony-tsx committed Sep 13, 2021
1 parent ed91f5d commit b5bea2b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/assigner.ts
@@ -1,12 +1,12 @@
const untracker = [ undefined, null ]

const invalids = [ '__proto__', 'constructor', 'prototype' ]
const Assigner = function( delegate: ( a: any, b: any ) => any, useuntrack: boolean = true ): ( ...args: any[] ) => any {
const assigner = ( ...args: any[] ) => {
console.log( { args } )
return args.reduce( ( a, b ) => {
if ( untracker.includes( a ) ) throw new TypeError( `can't convert ${a} to object` )
if ( useuntrack && untracker.includes( b ) ) return a
Object.keys( b ).forEach( key => {
if ( invalids.includes( key ) ) return void 0
if ( untracker.includes( a[key] ) ) a[key] = b[key]
else a[key] = delegate.call( this, a[key], b[key] )
} )
Expand Down

0 comments on commit b5bea2b

Please sign in to comment.