UNPKG

parse

Version:

Parse JavaScript SDK

parseplatform.org

parse-community/Parse-SDK-JS

29 lines (28 loc) • 1.31 kB

JavaScript

"use strict"; var _Object$defineProperty = require("@babel/runtime-corejs3/core-js-stable/object/define-property"); var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault"); _Object$defineProperty(exports, "__esModule", { value: true }); exports.isDangerousKey = isDangerousKey; var _includes = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/includes")); var _some = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/some")); /** * Check if a property name or path is potentially dangerous for prototype pollution * Dangerous keys include: __proto__, constructor, prototype * @param key - The property name or dotted path to check * @returns true if the key is dangerous, false otherwise */ function isDangerousKey(key) { const dangerousKeys = ["__proto__", "constructor", "prototype"]; // Check if the key itself is dangerous if ((0, _includes.default)(dangerousKeys).call(dangerousKeys, key)) { return true; } // Check if any part of a dotted path is dangerous if ((0, _includes.default)(key).call(key, ".")) { const parts = key.split("."); return (0, _some.default)(parts).call(parts, part => (0, _includes.default)(dangerousKeys).call(dangerousKeys, part)); } return false; }