1 | import { isArray } from "./is-array.js";
2 | import { isString } from "./is-string.js";
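// Property names which give access to an object's prototype chain and
// therefore must never be accepted as user-supplied keys or path segments.
const ILLEGAL_KEYS = new Set(["__proto__", "prototype", "constructor"]);

/**
 * Returns true if given `x` is an illegal object key as per
 * {@link ILLEGAL_KEYS}.
 *
 * @remarks
 * JavaScript converts every non-symbol property key to a string before the
 * lookup, so a non-string value (e.g. a nested array) can resolve to one of
 * the illegal names even though it is not strictly equal to it. Non-string
 * values are therefore compared by their string form, the same form the
 * engine uses for property access. Symbols can never equal a string key and
 * are always reported as legal. Values which cannot be converted to a string
 * are reported as illegal (fail closed).
 *
 * This check cannot protect against objects whose string conversion changes
 * between calls. Callers handling untrusted paths should convert each key to
 * a string once and use that same string for both this check and the
 * subsequent property access.
 *
 * @see {@link isProtoPath} for more details
 *
 * @param x - candidate property key / path segment
 * @returns true if `x` resolves to one of the {@link ILLEGAL_KEYS}
 */
export const isIllegalKey = (x) => {
  if (typeof x === "string") {
    return ILLEGAL_KEYS.has(x);
  }
  if (typeof x === "symbol") {
    return false;
  }
  try {
    // Mirror the engine's key coercion for numbers, arrays, objects etc.
    return ILLEGAL_KEYS.has(String(x));
  } catch {
    // Not convertible to a property key, hence never usable as a legal one.
    return true;
  }
};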
/**
 * Returns true if given `path` contains any {@link ILLEGAL_KEYS}, i.e. could be
 * used to poison the prototype chain of an object.
 *
 * @remarks
 * Array paths are checked item by item, each item being treated as a single
 * sub-path property. String paths are split at "." and the resulting segments
 * are checked the same way; a string without any "." is checked as a single
 * key. Any other kind of value yields false.
 *
 * Only "." is recognized as delimiter. NOTE(review): callers resolving paths
 * with a different separator or syntax need to split them before calling
 * this function - confirm against the path accessors using this check.
 *
 * Original discussion here, implementation updated to be more encompassing:
 * https://github.com/thi-ng/umbrella/pull/273
 *
 * @param path - array of path segments or "."-delimited path string
 * @returns true if any segment is an illegal key
 */
export const isProtoPath = (path) => {
  if (isArray(path)) {
    return path.some(isIllegalKey);
  }
  if (!isString(path)) {
    return false;
  }
  // Single-segment strings skip the split and are checked directly.
  if (path.includes(".")) {
    return path.split(".").some(isIllegalKey);
  }
  return isIllegalKey(path);
};