Prevent prototype pollution while parsing query strings (#2494)

* Prevent prototype pollution while parsing query strings * Update changelog [skip ci]
2019-07-27 17:39:55 -04:00 · 2019-07-27 17:39:55 -04:00 · 97fa1788c2
commit 97fa1788c2
parent 48e7fd1711
3 changed files with 23 additions and 4 deletions
--- a/querystring/tests/test-parseQueryString.js
+++ b/querystring/tests/test-parseQueryString.js
@ -97,4 +97,16 @@ o.spec("parseQueryString", function() {
 		var data = parseQueryString("a=1&b=2&a=3")
 		o(data).deepEquals({a: "3", b: "2"})
 	})
+	o("doesn't pollute prototype directly, censors `__proto__`", function() {
+		var prev = Object.prototype.toString
+		var data = parseQueryString("a=b&__proto__%5BtoString%5D=123")
+		o(Object.prototype.toString).equals(prev)
+		o(data).deepEquals({a: "b"})
+	})
+	o("doesn't pollute prototype indirectly, retains `constructor`", function() {
+		var prev = Object.prototype.toString
+		var data = parseQueryString("constructor%5Bprototype%5D%5BtoString%5D=123")
+		o(Object.prototype.toString).equals(prev)
+		o(data).deepEquals({a: "b"})
+	})
 })