Fix code scanning alert no. 2: Prototype-polluting function

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
CodeAndWeb · Oct 31, 2024 · 5822e37 · 5822e37
1 parent e1a883a
commit 5822e37
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/projects/ngx-translate/src/lib/util.ts b/projects/ngx-translate/src/lib/util.ts
@@ -147,6 +147,11 @@ export function setValue(target: any, key: string, value: any): void {
   for (let i = 0; i < keys.length; i++) {
     const key = keys[i];
 
+    // Skip dangerous properties to prevent prototype pollution
+    if (key === '__proto__' || key === 'constructor') {
+      continue;
+    }
+
     // If we're at the last key, set the value
     if (i === keys.length - 1) {
       current[key] = value;