querystring: allow querystring parse to handle __proto__ (!6044) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/jasnell/querystring-proto into master Apr 04, 2016

Pull Request check-list

Does make -j8 test (UNIX) or vcbuild test nosign (Windows) pass with this change (including linting)?
Is the commit message formatted according to [CONTRIBUTING.md][0]?
If this change fixes a bug (or a performance problem), is a regression test (or a benchmark) included?

Affected core subsystem(s)

querystring

Description of change

Per #5642 (closed), using querystring.parse to parse 'a=b&__proto__=1' causes the __proto__ to be swallowed and ignored. This works around the limitation by temporarily setting the prototype of the parsed obj to null during the parse, then setting it back before returning.

The rest of the existing implementation remains the same.

Fixes: https://github.com/nodejs/node/issues/5642

/cc @mscdex @WebReflection

Admin message

Admin message

querystring: allow querystring parse to handle __proto__

Pull Request check-list

Affected core subsystem(s)

Description of change

Merge request reports

querystring: allow querystring parse to handle proto