Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix and guard against prototype pollution issues #635

Merged
merged 1 commit into from
Dec 5, 2023
Merged

Fix and guard against prototype pollution issues #635

merged 1 commit into from
Dec 5, 2023

Conversation

ericyhwang
Copy link
Contributor

@ericyhwang ericyhwang commented Dec 5, 2023
edited
Loading

Certain incoming messages and ops can cause prototype pollution issues in ShareDB.

Changes here:

  • Switch to prototype-less objects for internal "maps"
  • Add additional guards against messages and ops that could cause prototype pollution of Object

@coveralls
Copy link

Coverage Status

coverage: 97.501% (-0.009%) from 97.51%
when pulling 06cc387 on fix-proto-clobber
into 3cb6a51 on master.

@ericyhwang ericyhwang merged commit cf33697 into master Dec 5, 2023
4 of 8 checks passed
@ericyhwang ericyhwang deleted the fix-proto-clobber branch December 5, 2023 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alecgibson alecgibson alecgibson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ericyhwang @coveralls @alecgibson