vndb/mithril-vndb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid triggering Object.prototype.__proto__ with keys (#2251)

Browse source 
This way, the diff algorithm works with untrusted keys.
This commit is contained in:
Isiah Meadows 2018-10-15 15:09:55 -04:00 committed by GitHub
parent d2ca44b693
commit 88b17c1c60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/change-log.md
View file

@ -59,6 +59,8 @@
- render/events: Event handlers, when set to literally `undefined` (or any non-function), are now correctly removed.
- render/hooks: fixed an ommission that caused `oninit` to be called unnecessarily in some cases [#1992](https://github.com/MithrilJS/mithril.js/issues/1992)
- docs: tweaks: ([#2104](https://github.com/MithrilJS/mithril.js/pull/2104) [@mikeyb](https://github.com/mikeyb), [#2205](https://github.com/MithrilJS/mithril.js/pull/2205), [@cavemansspa](https://github.com/cavemansspa))
- render/core: avoid touching `Object.prototype.__proto__` setter with `key: "__proto__"` in certain situations ([#2251](https://github.com/MithrilJS/mithril.js/pull/2251))
---
### v1.1.7