aboutsummaryrefslogtreecommitdiffstats
path: root/test/unit
diff options
context:
space:
mode:
authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>2019-03-25 17:57:30 +0100
committerGitHub <noreply@github.com>2019-03-25 17:57:30 +0100
commit753d591aea698e57d6db58c9f722cd0808619b1b (patch)
tree7e39c9e4e96d8323af016f4a596ba10c4190e98e /test/unit
parent669f720edc4f557dfef986db747c09ebfaa16ef5 (diff)
downloadjquery-753d591aea698e57d6db58c9f722cd0808619b1b.tar.gz
jquery-753d591aea698e57d6db58c9f722cd0808619b1b.zip
Core: Prevent Object.prototype pollution for $.extend( true, ... )
Closes gh-4333
Diffstat (limited to 'test/unit')
-rw-r--r--test/unit/core.js7
1 files changed, 7 insertions, 0 deletions
diff --git a/test/unit/core.js b/test/unit/core.js
index 8205aa242..28f40ab56 100644
--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -1062,6 +1062,13 @@ QUnit.test( "jQuery.extend(true,{},{a:[], o:{}}); deep copy with array, followed
assert.ok( !Array.isArray( result.object ), "result.object wasn't paved with an empty array" );
} );
+QUnit.test( "jQuery.extend( true, ... ) Object.prototype pollution", function( assert ) {
+ assert.expect( 1 );
+
+ jQuery.extend( true, {}, JSON.parse( "{\"__proto__\": {\"devMode\": true}}" ) );
+ assert.ok( !( "devMode" in {} ), "Object.prototype not polluted" );
+} );
+
QUnit.test( "jQuery.each(Object,Function)", function( assert ) {
assert.expect( 23 );