fix: 🐛 fix prototype pollution

AdamGold · AdamGold · commit ee4b8e76ec56 · 2020-08-25T15:46:05.000+03:00
filter prototype, __proto__ and constructor
diff --git a/index.js b/index.js
@@ -75,6 +75,9 @@ api.set = function set (obj, pointer, value) {
 
     for (var i = 0; i < refTokens.length - 1; ++i) {
         var tok = refTokens[i];
+        if (tok === "__proto__" || tok === "constructor" || tok === "prototype") {
+            continue
+        }
         if (tok === '-' && Array.isArray(obj)) {
           tok = obj.length;
         }

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,9 @@ api.set = function set (obj, pointer, value) {`
`75`	`75`
`76`	`76`	`for (var i = 0; i < refTokens.length - 1; ++i) {`
`77`	`77`	`var tok = refTokens[i];`
	`78`	`+ if (tok === "__proto__" \|\| tok === "constructor" \|\| tok === "prototype") {`
	`79`	`+ continue`
	`80`	`+ }`
`78`	`81`	`if (tok === '-' && Array.isArray(obj)) {`
`79`	`82`	`tok = obj.length;`
`80`	`83`	`}`