Skip to content

Commit

Permalink
Basic pollution protection
Browse files Browse the repository at this point in the history
  • Loading branch information
@mde
mde committed Apr 12, 2024
1 parent 715e950 commit e469741
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
5 changes: 3 additions & 2 deletions lib/ejs.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -506,8 +506,8 @@ exports.clearCache = function () {
exports.cache.reset();
};

function Template(text, opts) {
opts = opts || utils.createNullProtoObjWherePossible();
function Template(text, optsParam) {
var opts = utils.hasOwnOnlyObject(optsParam);
var options = utils.createNullProtoObjWherePossible();
this.templateText = text;
/** @type {string | null} */
Expand Down Expand Up @@ -949,3 +949,4 @@ exports.name = _NAME;
if (typeof window != 'undefined') {
window.ejs = exports;
}

9 changes: 9 additions & 0 deletions lib/utils.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -238,4 +238,13 @@ exports.createNullProtoObjWherePossible = (function () {
};
})();

exports.hasOwnOnlyObject = function (obj) {
var o = exports.createNullProtoObjWherePossible();
for (var p in obj) {
if (hasOwn(obj, p)) {
o[p] = obj[p];
}
}
return o;
};

0 comments on commit e469741

Please sign in to comment.