Core: Prevent Object.prototype pollution for $.extend( true, ... )

Closes gh-4333
author: Michał Gołębiowski-Owczarek <m.goleb@gmail.com> 2019-03-25 17:57:30 +0100
committer: GitHub <noreply@github.com> 2019-03-25 17:57:30 +0100
commit: 753d591aea698e57d6db58c9f722cd0808619b1b (patch)
tree: 7e39c9e4e96d8323af016f4a596ba10c4190e98e /src/core.js
parent: 669f720edc4f557dfef986db747c09ebfaa16ef5 (diff)
download: jquery-753d591aea698e57d6db58c9f722cd0808619b1b.tar.gz
jquery-753d591aea698e57d6db58c9f722cd0808619b1b.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core.js b/src/core.js
index d9c7e9882..3ef92d48f 100644
--- a/src/core.js
+++ b/src/core.js
@@ -158,8 +158,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 			for ( name in options ) {
 				copy = options[ name ];
 
+				// Prevent Object.prototype pollution
 				// Prevent never-ending loop
-				if ( target === copy ) {
+				if ( name === "__proto__" || target === copy ) {
 					continue;
 				}
author	Michał Gołębiowski-Owczarek <m.goleb@gmail.com>	2019-03-25 17:57:30 +0100
committer	GitHub <noreply@github.com>	2019-03-25 17:57:30 +0100
commit	753d591aea698e57d6db58c9f722cd0808619b1b (patch)
tree	7e39c9e4e96d8323af016f4a596ba10c4190e98e /src/core.js
parent	669f720edc4f557dfef986db747c09ebfaa16ef5 (diff)
download	jquery-753d591aea698e57d6db58c9f722cd0808619b1b.tar.gz jquery-753d591aea698e57d6db58c9f722cd0808619b1b.zip