🔒️ fix CVE-2019-11358

Author: ctcpip

src/core.js

@@ -576,8 +576,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 			for ( var name in options ) {
 				var src = target[ name ], copy = options[ name ];
 
+				// Prevent Object.prototype pollution
 				// Prevent never-ending loop
-				if ( target === copy )
+				if ( name === "__proto__" || target === copy )
 					continue;
 
 				// Recurse if we're merging object values

test/unit/core.js

@@ -1416,6 +1416,13 @@ test("text(String)", function() {
 	equals( j[2].nodeType, 8, "Check node,textnode,comment with text()" );
 });
 
+test( "jQuery.extend( true, ... ) Object.prototype pollution", function( assert ) {
+	expect( 1 );
+
+	jQuery.extend( true, {}, JSON.parse( "{\"__proto__\": {\"devMode\": true}}" ) );
+	ok( !( "devMode" in {} ), "Object.prototype not polluted" );
+} );
+
 test("$.each(Object,Function)", function() {
 	expect(12);
 	$.each( [0,1,2], function(i, n){