From 6c475a118643ae0efe012de283e932fb8b74324b Mon Sep 17 00:00:00 2001
From: Yoshino-s
Date: Fri, 26 Mar 2021 23:40:14 +0800
Subject: [PATCH] Fix prototype pollution
---
 src/evaluate.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/evaluate.js b/src/evaluate.js
index 80a63a2..f23cef7 100644
--- a/src/evaluate.js
+++ b/src/evaluate.js
@@ -41,6 +41,9 @@ export default function evaluate(tokens, expr, values) {
 nstack.push(f(resolveExpression(n1, values), resolveExpression(n2, values), resolveExpression(n3, values)));
 }
 } else if (type === IVAR) {
+ if (/^__proto__|prototype|constructor$/.test(item.value)) {
+ throw new Error('prototype access detected');
+ }
 if (item.value in expr.functions) {
 nstack.push(expr.functions[item.value]);
 } else if (item.value in expr.unaryOps && expr.parser.isOperatorEnabled(item.value)) {
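Review bot: The added guard's regex `/^__proto__|prototype|constructor$/` anchors each alternative separately, so it matches any name that starts with `__proto__`, contains `prototype`, or ends with `constructor`, and would reject an ordinary variable such as `prototypeCount`. If the intent is to reject exactly those three names, group the alternatives: `/^(?:__proto__|prototype|constructor)$/`. The lookups just below the guard still use `in` (`item.value in expr.functions`, `item.value in expr.unaryOps`), which is also true for inherited properties if those maps are ordinary objects, so a three-name denylist is narrower than an own-property test such as `Object.prototype.hasOwnProperty.call(expr.functions, item.value)`. Only the IVAR branch is visible here and `evaluate` starts and ends outside the hunk, so whether other token types that resolve names need the same check has to be confirmed in the rest of the function.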