vndb/mithril-vndb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Take 2

Browse source
This commit is contained in:
Isiah Meadows 2019-07-27 20:53:19 -04:00
parent 9d3ce5fa6d
commit e58e9186f8
2 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
querystring/parse.js
View file

@ -19,7 +19,6 @@ module.exports = function(string) {
for (var j = 0; j < levels.length; j++) { for (var j = 0; j < levels.length; j++) {
var level = levels[j], nextLevel = levels[j + 1] var level = levels[j], nextLevel = levels[j + 1]
var isNumber = nextLevel == "" || !isNaN(parseInt(nextLevel, 10)) var isNumber = nextLevel == "" || !isNaN(parseInt(nextLevel, 10))
var isValue = j === levels.length - 1
if (level === "") { if (level === "") {
var key = levels.slice(0, j).join() var key = levels.slice(0, j).join()
if (counters[key] == null) { if (counters[key] == null) {
@ -29,15 +28,15 @@ module.exports = function(string) {
} }
// Disallow direct prototype pollution // Disallow direct prototype pollution
else if (level === "__proto__") break else if (level === "__proto__") break
if (isValue) cursor[level] = value if (j === levels.length - 1) cursor[level] = value
else { else {
// Read own properties exclusively to disallow indirect // Read own properties exclusively to disallow indirect
// prototype pollution // prototype pollution
value = Object.getOwnPropertyDescriptor(cursor, level) var desc = Object.getOwnPropertyDescriptor(cursor, level)
if (value != null) value = value.value if (desc != null) desc = desc.value
if (value == null) value = cursor[level] = isNumber ? [] : {} if (desc == null) cursor[level] = desc = isNumber ? [] : {}
cursor = desc
} }
cursor = value
} }
} }
return data return data

7
querystring/tests/test-parseQueryString.js
View file

@ -105,8 +105,11 @@ o.spec("parseQueryString", function() {
}) })
o("doesn't pollute prototype indirectly, retains `constructor`", function() { o("doesn't pollute prototype indirectly, retains `constructor`", function() {
var prev = Object.prototype.toString var prev = Object.prototype.toString
var data = parseQueryString("constructor%5Bprototype%5D%5BtoString%5D=123") var data = parseQueryString("a=b&constructor%5Bprototype%5D%5BtoString%5D=123")
o(Object.prototype.toString).equals(prev) o(Object.prototype.toString).equals(prev)
o(data).deepEquals({a: "b"}) // The deep matcher is borked here.
o(Object.keys(data)).deepEquals(["a", "constructor"])
o(data.a).equals("b")
o(data.constructor).deepEquals({prototype: {toString: "123"}})
}) })
}) })