Fix Prototype Pollution

alromh87 · alromh87 · commit c2f845442202 · 2020-10-09T12:00:03.000Z
diff --git a/dist/merge.browser.min.js b/dist/merge.browser.min.js
diff --git a/dist/merge.browser.test.js b/dist/merge.browser.test.js
@@ -276,7 +276,7 @@ function _merge(isClone, isRecursive, items) {
         if (!isPlainObject(item))
             continue;
         for (var key in item) {
-            if (key === '__proto__')
+            if (key === '__proto__' || key === 'constructor' || key === 'prototype')
                 continue;
             var value = isClone ? clone(item[key]) : item[key];
             result[key] = isRecursive ? _recursiveMerge(result[key], value) : value;
diff --git a/lib/src/index.js b/lib/src/index.js
@@ -69,7 +69,7 @@ function _merge(isClone, isRecursive, items) {
         if (!isPlainObject(item))
             continue;
         for (var key in item) {
-            if (key === '__proto__')
+            if (key === '__proto__' || key === 'constructor' || key === 'prototype')
                 continue;
             var value = isClone ? clone(item[key]) : item[key];
             result[key] = isRecursive ? _recursiveMerge(result[key], value) : value;
diff --git a/src/index.ts b/src/index.ts
@@ -85,7 +85,7 @@ function _merge(isClone: boolean, isRecursive: boolean, items: any[]) {
 			continue
 
 		for (const key in item) {
-			if (key === '__proto__') continue
+			if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue
 			const value = isClone ? clone(item[key]) : item[key]
 			result[key] = isRecursive ? _recursiveMerge(result[key], value) : value
 		}

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ function _merge(isClone: boolean, isRecursive: boolean, items: any[]) {`
`85`	`85`	`continue`
`86`	`86`
`87`	`87`	`for (const key in item) {`
`88`		`- if (key === '__proto__') continue`
	`88`	`+ if (key === '__proto__' \|\| key === 'constructor' \|\| key === 'prototype') continue`
`89`	`89`	`const value = isClone ? clone(item[key]) : item[key]`
`90`	`90`	`result[key] = isRecursive ? _recursiveMerge(result[key], value) : value`
`91`	`91`	`}`