Merge pull request #67 from RooVetGit/alert-autofix-2

mrubens · web-flow · commit 70639ec0dfd0 · 2024-12-11T13:04:01.000-05:00
Fix code scanning alert no. 2: Prototype-polluting function
diff --git a/webview-ui/src/components/history/HistoryView.tsx b/webview-ui/src/components/history/HistoryView.tsx
@@ -462,10 +462,13 @@ export const highlight = (
 		let i: number
 
 		for (i = 0; i < pathValue.length - 1; i++) {
+			if (pathValue[i] === "__proto__" || pathValue[i] === "constructor") return
 			obj = obj[pathValue[i]] as Record<string, any>
 		}
 
-		obj[pathValue[i]] = value
+		if (pathValue[i] !== "__proto__" && pathValue[i] !== "constructor") {
+			obj[pathValue[i]] = value
+		}
 	}
 
 	// Function to merge overlapping regions

Original file line number	Diff line number	Diff line change
`@@ -462,10 +462,13 @@ export const highlight = (`
`462`	`462`	`let i: number`
`463`	`463`
`464`	`464`	`for (i = 0; i < pathValue.length - 1; i++) {`
	`465`	`+ if (pathValue[i] === "__proto__" \|\| pathValue[i] === "constructor") return`
`465`	`466`	`obj = obj[pathValue[i]] as Record<string, any>`
`466`	`467`	`}`
`467`	`468`
`468`		`- obj[pathValue[i]] = value`
	`469`	`+ if (pathValue[i] !== "__proto__" && pathValue[i] !== "constructor") {`
	`470`	`+ obj[pathValue[i]] = value`
	`471`	`+ }`
`469`	`472`	`}`
`470`	`473`
`471`	`474`	`// Function to merge overlapping regions`