url: replace native methods with primordials

Ayoub-Mabrouk · Ayoub-Mabrouk · commit 343c6b8d39a5 · 2025-12-29T18:33:33.000+01:00
Replace native array methods with primordials in url.js to
protect against prototype pollution.
diff --git a/lib/internal/url.js b/lib/internal/url.js
@@ -551,7 +551,7 @@ class URLSearchParams {
     name = StringPrototypeToWellFormed(`${name}`);
     for (let i = 0; i < list.length; i += 2) {
       if (list[i] === name) {
-        values.push(list[i + 1]);
+        ArrayPrototypePush(values, list[i + 1]);
       }
     }
     return values;
@@ -1259,11 +1259,11 @@ function parseParams(qs) {
         buf += qs.slice(lastPos, i);
       if (encoded)
         buf = querystring.unescape(buf);
-      out.push(buf);
+      ArrayPrototypePush(out, buf);
 
       // If `buf` is the key, add an empty value.
       if (!seenSep)
-        out.push('');
+        ArrayPrototypePush(out, '');
 
       seenSep = false;
       buf = '';
@@ -1280,7 +1280,7 @@ function parseParams(qs) {
         buf += qs.slice(lastPos, i);
       if (encoded)
         buf = querystring.unescape(buf);
-      out.push(buf);
+      ArrayPrototypePush(out, buf);
 
       seenSep = true;
       buf = '';
