Commit

prevent the __proto__ property from being used as a key
jibrang committed Aug 30, 2024
1 parent c8ad550 commit ae19541
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion target/braintree-1.3.10.js
Expand Up @@ -2368,7 +2368,7 @@ sjcl.random = {

for (i=0; i<jsTemp.length; i++) {
j = jsTemp[i];
if (Object.prototype.hasOwnProperty.call(cbs, j)) {
if (j !== '__proto__' && j !== 'constructor' && j !== 'prototype') {
delete cbs[j];

Check warning

Code scanning / CodeQL

Prototype-polluting assignment Medium library

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from library input.
}
}
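
Review bot: On the changed condition guarding `delete cbs[j]`, the denylist appears to replace the own-property check rather than add to it (the +/- markers are lost in this rendering, but by diff order `Object.prototype.hasOwnProperty.call(cbs, j)` is the deleted line and the `j !== '__proto__' && j !== 'constructor' && j !== 'prototype'` test is the added one). A denylist only covers the three names it lists, while the own-property check limits the delete to keys that actually exist on `cbs`; I'd keep both in a single condition, e.g. `if (j !== '__proto__' && j !== 'constructor' && j !== 'prototype' && Object.prototype.hasOwnProperty.call(cbs, j))`. The CodeQL prototype-pollution warning is still attached to `delete cbs[j]` on this commit, so please confirm whether the alert clears with this change or document why it is a false positive. Also, the edit is to `target/braintree-1.3.10.js`; if that file is build output, the same guard needs to land in the source it is generated from, or a rebuild will drop it.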