e8cc578efcada1b0210acc11e5449e29eaad4d32 Fix: A malicious plug-in for…
… the DataTables API could potentially attempt to add to an object's prototype.

Sync to source repo @e8cc578efcada1b0210acc11e5449e29eaad4d32
dtbuild committed Apr 9, 2024
1 parent 6172084 commit 9ea1b00
Showing 5 changed files with 11 additions and 3 deletions.
2 changes: 1 addition & 1 deletion datatables.json
Expand Up @@ -11,5 +11,5 @@
],
"src-repo": "http://github.com/DataTables/DataTablesSrc",
"last-tag": "2.0.3",
"last-sync": "ded438d92e3b54bc95c1a2dabbaf55e372dee4bf"
"last-sync": "e8cc578efcada1b0210acc11e5449e29eaad4d32"
}
4 changes: 4 additions & 0 deletions js/dataTables.js
Expand Up @@ -6858,6 +6858,10 @@
for ( i=0, ien=ext.length ; i<ien ; i++ ) {
struct = ext[i];

if (struct.name === '__proto__') {
continue;
}

// Value
obj[ struct.name ] = struct.type === 'function' ?
_api_scope( scope, struct.val, struct ) :
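Review bot: The new guard `if (struct.name === '__proto__')` uses strict equality, while the assignment below it uses `struct.name` as a computed property key, which is coerced to a string; if `struct.name` can ever be a non-string value, a name that stringifies to `__proto__` would pass the check and still reach `obj[ struct.name ] = …`. Comparing the coerced key closes that gap: `if (String(struct.name) === '__proto__') {`. As optional hardening, the same test could also skip `constructor` and `prototype`, the other names usually included in a prototype-pollution denylist. A short comment such as `// Skip names that would write to the prototype chain instead of creating an own property` would record why the entry is dropped silently. The same lines appear in the js/dataTables.mjs section, and the loop body continues past the end of both hunks, so how `obj[ struct.name ]` is used afterwards is not visible here.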
2 changes: 1 addition & 1 deletion js/dataTables.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/dataTables.min.mjs

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions js/dataTables.mjs
Expand Up @@ -6805,6 +6805,10 @@ _Api.extend = function ( scope, obj, ext )
for ( i=0, ien=ext.length ; i<ien ; i++ ) {
struct = ext[i];

if (struct.name === '__proto__') {
continue;
}

// Value
obj[ struct.name ] = struct.type === 'function' ?
_api_scope( scope, struct.val, struct ) :
