fix(parseQuery): prevent possible prototype pollution

unjs · May 11, 2021 · f4be854 · f4be854
1 parent 7655066
commit f4be854
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/query.ts b/src/query.ts
@@ -17,6 +17,9 @@ export function parseQuery (paramsStr: string = ''): QueryObject {
     const s = (param.match(/([^=]+)=?(.*)/) || [])
     if (s.length < 2) { continue }
     const key = decode(s[1])
+    if (key === '__proto__' || key === 'constructor') {
+      continue
+    }
     const value = decodeQueryValue(s[2] || '')
     if (obj[key]) {
       if (Array.isArray(obj[key])) {