Antoine du Hamel
|
d7f193434a
|
lib: add Promise methods to avoid-prototype-pollution lint rule
PR-URL: https://github.com/nodejs/node/pull/43849
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
|
2022-07-26 23:38:24 +01:00 |
|
Antoine du Hamel
|
358008f473
|
tools,doc: add guards against prototype pollution when creating proxies
PR-URL: https://github.com/nodejs/node/pull/43391
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: LiviaMedeiros <livia@cirno.name>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
|
2022-06-16 00:26:48 +02:00 |
|
Antoine du Hamel
|
9119382555
|
tools: report unsafe string and regex primordials as lint errors
| The string method | looks up the property |
| ----------------------------- | --------------------- |
| `String.prototype.match` | `Symbol.match` |
| `String.prototype.matchAll` | `Symbol.matchAll` |
| `String.prototype.replace` | `Symbol.replace` |
| `String.prototype.replaceAll` | `Symbol.replace` |
| `String.prototype.search` | `Symbol.search` |
| `String.prototype.split` | `Symbol.split` |
Functions that look up the `exec` property on the prototype chain:
* `RegExp.prototype[Symbol.match]`
* `RegExp.prototype[Symbol.matchAll]`
* `RegExp.prototype[Symbol.replace]`
* `RegExp.prototype[Symbol.search]`
* `RegExp.prototype[Symbol.split]`
* `RegExp.prototype.test`
`RegExp.prototype[Symbol.replace]` and `RegExp.prototype[Symbol.split]`
are still allowed for lack of a better solution.
PR-URL: https://github.com/nodejs/node/pull/43393
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
2022-06-16 00:21:57 +02:00 |
|
Antoine du Hamel
|
93728c60d2
|
tools: add avoid-prototype-pollution lint rule
PR-URL: https://github.com/nodejs/node/pull/43308
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
2022-06-11 14:45:31 +01:00 |
|