Skip to content

v5.0.0
Compare
Choose a tag to compare
@marcbachmann marcbachmann released this 12 Nov 18:49
· 6 commits to main since this release
v5.0.0
8dbf304

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')
Assets 2
Loading