Merge pull request #1 from Yoshino-s/master

Fix prototype pollution
silentmatt · Mar 29, 2021 · 3679a4d · 3679a4d
2 parents a556e27 + 6c475a1
commit 3679a4d
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/evaluate.js b/src/evaluate.js
@@ -41,6 +41,9 @@ export default function evaluate(tokens, expr, values) {
         nstack.push(f(resolveExpression(n1, values), resolveExpression(n2, values), resolveExpression(n3, values)));
       }
     } else if (type === IVAR) {
+      if (/^__proto__|prototype|constructor$/.test(item.value)) {
+        throw new Error('prototype access detected');
+      }
       if (item.value in expr.functions) {
         nstack.push(expr.functions[item.value]);
       } else if (item.value in expr.unaryOps && expr.parser.isOperatorEnabled(item.value)) {