Use null prototype for Object literals.

cscott · cscott · commit a57c4cfdb93e · 2016-02-05T14:36:11.000-05:00
This prevents inadvertent leakage of `Object` properties into the map.
diff --git a/.jshintrc b/.jshintrc
@@ -5,5 +5,6 @@
   "evil":       true,
   "loopfunc":   true,
   "undef":      true,
-  "rhino":      false
+  "rhino":      false,
+  "proto":      true
 }
diff --git a/build.xml b/build.xml
@@ -120,6 +120,7 @@
             <fileset dir="${src.dir}/util" includes="*.js" />
             <footer trimleading="yes">
             parserlib.util = {
+                __proto__   : null,
                 StringReader: StringReader,
                 SyntaxError : SyntaxError,
                 SyntaxUnit  : SyntaxUnit,
@@ -150,6 +151,7 @@
             <fileset dir="${src.dir}/css" includes="*.js" />
             <footer trimleading="yes">
             parserlib.css = {
+                __proto__           :null,
                 Colors              :Colors,
                 Combinator          :Combinator,
                 Parser              :Parser,
diff --git a/src/css/Colors.js b/src/css/Colors.js
@@ -1,5 +1,6 @@
 
 var Colors = {
+    __proto__       :null,
     aliceblue       :"#f0f8ff",
     antiquewhite    :"#faebd7",
     aqua            :"#00ffff",
diff --git a/src/css/Parser.js b/src/css/Parser.js
@@ -43,6 +43,7 @@ Parser.prototype = function(){
     var proto = new EventTarget(),  //new prototype
         prop,
         additions =  {
+            __proto__: null,
 
             //restore constructor
             constructor: Parser,
@@ -2363,7 +2364,7 @@ Parser.prototype = function(){
 
     //copy over onto prototype
     for (prop in additions){
-        if (additions.hasOwnProperty(prop)){
+        if (Object.prototype.hasOwnProperty.call(additions, prop)){
             proto[prop] = additions[prop];
         }
     }
diff --git a/src/css/Properties.js b/src/css/Properties.js
@@ -1,5 +1,6 @@
 /*global Validation, ValidationTypes, ValidationError*/
 var Properties = {
+    __proto__: null,
 
     //A
     "align-items"                   : "flex-start | flex-end | center | baseline | stretch",
diff --git a/src/css/Pseudos.js b/src/css/Pseudos.js
@@ -1,4 +1,5 @@
 var Pseudos = {
+    __proto__:       null,
     ":first-letter": 1,
     ":first-line":   1,
     ":before":       1,
diff --git a/src/css/ValidationTypes.js b/src/css/ValidationTypes.js
@@ -82,6 +82,7 @@ var ValidationTypes = {
 
 
     simple: {
+        __proto__: null,
 
         "<absolute-size>": function(part){
             return ValidationTypes.isLiteral(part, "xx-small | x-small | small | medium | large | x-large | xx-large");
@@ -256,6 +257,7 @@ var ValidationTypes = {
     },
 
     complex: {
+        __proto__: null,
 
         "<bg-position>": function(expression){
             var result  = false,

Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,6 @@`
`5`	`5`	`"evil": true,`
`6`	`6`	`"loopfunc": true,`
`7`	`7`	`"undef": true,`
`8`		`- "rhino": false`
	`8`	`+ "rhino": false,`
	`9`	`+ "proto": true`
`9`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ Parser.prototype = function(){`
`43`	`43`	`var proto = new EventTarget(), //new prototype`
`44`	`44`	`prop,`
`45`	`45`	`additions = {`
	`46`	`+ __proto__: null,`
`46`	`47`
`47`	`48`	`//restore constructor`
`48`	`49`	`constructor: Parser,`
`@@ -2363,7 +2364,7 @@ Parser.prototype = function(){`
`2363`	`2364`
`2364`	`2365`	`//copy over onto prototype`
`2365`	`2366`	`for (prop in additions){`
`2366`		`- if (additions.hasOwnProperty(prop)){`
	`2367`	`+ if (Object.prototype.hasOwnProperty.call(additions, prop)){`
`2367`	`2368`	`proto[prop] = additions[prop];`
`2368`	`2369`	`}`
`2369`	`2370`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`var Pseudos = {`
	`2`	`+ __proto__: null,`
`2`	`3`	`":first-letter": 1,`
`3`	`4`	`":first-line": 1,`
`4`	`5`	`":before": 1,`