Comparing version 0.5.1 to 0.5.2
# Changelog | ||
## Version 0.5.2 | ||
* fix: prevent code injection in copying properties | ||
## Version 0.5.1 | ||
@@ -5,0 +9,0 @@ |
@@ -53,3 +53,6 @@ 'use strict'; | ||
for (name in source) { | ||
if (name === '__proto__') { | ||
if (/__proto__|constructor|prototype|eval|function|\*|\+|;|\s|\(|\)|!/.test(name)) { | ||
// See | ||
// https://github.com/adaltas/node-mixme/issues/1 | ||
// https://github.com/adaltas/node-mixme/issues/2 | ||
continue; | ||
@@ -56,0 +59,0 @@ } |
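Review bot: The new test `/__proto__|constructor|prototype|eval|function|\*|\+|;|\s|\(|\)|!/.test(name)` is unanchored, so it matches substrings and silently skips ordinary keys such as `evaluation`, `functions`, `first name` or `a+b`, with no error raised. For the prototype-pollution case an exact comparison is enough and loses no data: `if (name === '__proto__' || name === 'constructor' || name === 'prototype') {`. The `eval`, `function` and punctuation alternatives suggest that a property name reaches dynamically evaluated code somewhere outside this hunk; if so, a denylist of tokens is easy to sidestep and the safer fix is to stop building code from key names at that sink. Because `for (name in source)` also walks inherited enumerable properties, an own-property guard such as `if (!Object.prototype.hasOwnProperty.call(source, name)) continue;` is worth adding. The loop body continues outside the hunk, and the same change is repeated in the two following file sections (`@@ -49,3 +49,6 @@` and `@@ -55,3 +55,6 @@`).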
@@ -49,3 +49,6 @@ function _typeof(obj) { | ||
for (name in source) { | ||
if (name === '__proto__') { | ||
if (/__proto__|constructor|prototype|eval|function|\*|\+|;|\s|\(|\)|!/.test(name)) { | ||
// See | ||
// https://github.com/adaltas/node-mixme/issues/1 | ||
// https://github.com/adaltas/node-mixme/issues/2 | ||
continue; | ||
@@ -52,0 +55,0 @@ } |
@@ -55,3 +55,6 @@ (function (global, factory) { | ||
for (name in source) { | ||
if (name === '__proto__') { | ||
if (/__proto__|constructor|prototype|eval|function|\*|\+|;|\s|\(|\)|!/.test(name)) { | ||
// See | ||
// https://github.com/adaltas/node-mixme/issues/1 | ||
// https://github.com/adaltas/node-mixme/issues/2 | ||
continue; | ||
@@ -58,0 +61,0 @@ } |
{ | ||
"name": "mixme", | ||
"description": "A library for recursive merging of Javascript objects", | ||
"version": "0.5.1", | ||
"version": "0.5.2", | ||
"author": "David Worms <david@adaltas.com> (https://www.adaltas.com)", | ||
@@ -6,0 +6,0 @@ "contributors": [], |