| 1 | import { isArray } from "./is-array.js";
|
| 2 | import { isString } from "./is-string.js";
|
| 3 | const ILLEGAL_KEYS = new Set(["__proto__", "prototype", "constructor"]);
|
| 4 | /**
|
| 5 | * Returns true, if given `x` is an illegal object key as per
|
| 6 | * {@link ILLEGAL_KEYS}.
|
| 7 | *
|
| 8 | * @see {@link isProtoPath} for more details
|
| 9 | *
|
| 10 | * @param x -
|
| 11 | */
|
| 12 | export const isIllegalKey = (x) => ILLEGAL_KEYS.has(x);
|
| 13 | /**
|
| 14 | * Returns true if given `path` contains any {@link ILLEGAL_KEYS}, i.e. could be
|
| 15 | * used to poison the prototype chain of an object.
|
| 16 | *
|
| 17 | * @remarks
|
| 18 | * If given an array, each item is considered a single sub-path property and
|
| 19 | * will be checked as is. If given a string it will be split using "." as
|
| 20 | * delimiter and each item checked as is (same way array paths are handled).
|
| 21 | *
|
| 22 | * Original discussion here, implementation updated to be more encompassing:
|
| 23 | * https://github.com/thi-ng/umbrella/pull/273
|
| 24 | *
|
| 25 | * @param path -
|
| 26 | */
|
| 27 | export const isProtoPath = (path) => isArray(path)
|
| 28 | ? path.some(isIllegalKey)
|
| 29 | : isString(path)
|
| 30 | ? path.indexOf(".") !== -1
|
| 31 | ? path.split(".").some(isIllegalKey)
|
| 32 | : isIllegalKey(path)
|
| 33 | : false;
|