From ff1d9d8ee55dcb2bd4b5fa788205abfc293e6cfd Mon Sep 17 00:00:00 2001 From: Rik Smale <13023439+WikiRik@users.noreply.github.com> Date: Wed, 25 Oct 2023 09:58:31 +0200 Subject: [PATCH 1/2] fix: deny modifying the object prototype --- src/shared/object.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/object.ts b/src/shared/object.ts index ac78339d..06ab8311 100644 --- a/src/shared/object.ts +++ b/src/shared/object.ts @@ -14,7 +14,7 @@ export function deepAssign(target: T, source: S): T & S; export function deepAssign(target: {}, source: S): S; export function deepAssign(target: any, ...sources: any[]): any { sources.forEach((source) => { - Object.getOwnPropertyNames(source).forEach((key) => assign(key, target, source)); + Object.getOwnPropertyNames(source).forEach((key) => !["__proto__", "constructor", "prototype"].includes(key) && assign(key, target, source)); /* istanbul ignore next */ if (Object.getOwnPropertySymbols) { Object.getOwnPropertySymbols(source).forEach((key) => assign(key, target, source)); From 9d27350d4ad2bdbb59d8a1136cfd5066bd832a06 Mon Sep 17 00:00:00 2001 From: Rik Smale <13023439+WikiRik@users.noreply.github.com> Date: Wed, 25 Oct 2023 08:04:57 +0000 Subject: [PATCH 2/2] style: fix lint --- src/shared/object.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/shared/object.ts b/src/shared/object.ts index 06ab8311..768fd8b5 100644 --- a/src/shared/object.ts +++ b/src/shared/object.ts @@ -14,7 +14,10 @@ export function deepAssign(target: T, source: S): T & S; export function deepAssign(target: {}, source: S): S; export function deepAssign(target: any, ...sources: any[]): any { sources.forEach((source) => { - Object.getOwnPropertyNames(source).forEach((key) => !["__proto__", "constructor", "prototype"].includes(key) && assign(key, target, source)); + Object.getOwnPropertyNames(source).forEach( + (key) => + !['__proto__', 'constructor', 'prototype'].includes(key) && assign(key, target, source) + ); /* istanbul ignore next */ if (Object.getOwnPropertySymbols) { Object.getOwnPropertySymbols(source).forEach((key) => assign(key, target, source));