Created
June 5, 2018 06:46
JSON.parse that filters out __proto__
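/**
 * Replaces the global JSON.parse with a wrapper that removes every property
 * named "__proto__" from the parsed result, at any nesting depth.
 *
 * Why: JSON.parse itself stores "__proto__" as an ordinary own property, but
 * code that later copies parsed keys with plain assignment (recursive merge,
 * extend, clone helpers) can end up rewriting an object's prototype. Dropping
 * the key at parse time removes that input before such code sees it.
 *
 * Limits a reviewer should keep in mind:
 *  - Only the literal key "__proto__" is filtered. "constructor" and
 *    "prototype" pass through unchanged, so merge helpers still need their own
 *    own-property / key allow-list checks.
 *  - This patches a global: every caller in the realm is affected, and objects
 *    built by any other parser are not covered.
 *  - One console.warn is emitted per removed key, so untrusted input controls
 *    how many warning lines are logged.
 */
JSON.parse = (() => {
  // Keep a reference to the engine's parser before the global is overwritten.
  const jsonParse = JSON.parse;

  /**
   * Reviver that deletes "__proto__" entries.
   * Returning undefined from a reviver makes JSON.parse delete the property.
   *
   * @param {string} key - property name being revived
   * @param {*} value - already-revived value for that property
   * @returns {*} undefined for "__proto__", otherwise the value unchanged
   */
  function noProtoReviver(key, value) {
    if (key === '__proto__') {
      console.warn('Removed __proto__ from parsed JSON');
      return undefined;
    }
    return value;
  }

  /**
   * Drop-in replacement for JSON.parse.
   *
   * @param {string} text - JSON source text
   * @param {Function} [reviver] - optional caller reviver, run after filtering
   * @returns {*} the parsed value with all "__proto__" properties removed
   * @throws {SyntaxError} when text is not valid JSON (raised by the engine)
   */
  return function parse(text, reviver) {
    // The native parser ignores a reviver that is not callable; a truthiness
    // test would instead try to call it and throw a TypeError.
    if (typeof reviver !== 'function') {
      return jsonParse(text, noProtoReviver);
    }

    // A regular function (not an arrow) so the holder object that JSON.parse
    // supplies as `this` reaches the caller's reviver, as it does natively.
    // Extra arguments are forwarded for engines that pass more than
    // (key, value) to revivers.
    function compositionOfRevivers(key, value, ...rest) {
      const filtered = noProtoReviver(key, value);
      // The caller's reviver never sees a stripped "__proto__" entry.
      return filtered === undefined
        ? undefined
        : reviver.call(this, key, filtered, ...rest);
    }

    return jsonParse(text, compositionOfRevivers);
  };
})();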