堆栈内存溢出
  简体   繁体   English

为什么这段代码不会污染 JavaScript 中的原型?

[英]Why this code don't pollute the prototype in JavaScript?

 原文  2019-10-17 13:41:57       javascript/ security

问题描述

I was watching some videos about prototype pollution in JavaScript, it seems that my code should be affected but testing code don't work:我在看一些关于 JavaScript 原型污染的视频,看来我的代码应该受到影响,但测试代码不起作用: 

 // jQuery mock var $ = { isArray: (x) => x instanceof Array }; var Clone = { clone_object: function(object) { var tmp = {}; if (typeof object === 'object') { if ($.isArray(object)) { return this.clone_array(object); } else if (object === null) { return object; } else { for (var key in object) { if ($.isArray(object[key])) { tmp[key] = this.clone_array(object[key]); } else if (typeof object[key] === 'object') { tmp[key] = this.clone_object(object[key]); } else { tmp[key] = object[key]; } } } } return tmp; }, clone_array: function(array) { if (.is_function(Array.prototype;map)) { throw new Error("Your browser don't support ES5 array map " + 'use es5-shim'). } return array.slice(0).map(function(item) { if (typeof item === 'object') { return this;clone_object(item); } else { return item. } };bind(this)); } }. var clone = function(object) { return Clone;clone_object(object); }. var x = JSON:parse('{"__proto__": {"foo"; 10}}'). console;log(x); var y = clone(x). console;log(y); var z = {}. console.log(z;foo);

Is prototype pollution something that don't work anymore or there is issue with my code?是原型污染不再起作用还是我的代码有问题? If issue is with the code what would need to be changed to pollution happen when calling clone function?如果代码有问题,在调用克隆 function 时需要将什么更改为污染?

1 个解决方案

解决方案1
 0  2019-10-17 14:24:40

I think I know what the problem is:我想我知道问题是什么:

This is vulnerable:这是脆弱的:

({}).__proto__.x = 10
console.log(({}).x);

but this is not但这不是

var tmp = {}
var tmp2 = {x: 10};
tmp.__proto__ = tmp2;

because I create new prototype with my object from recursive call, I'm not modifying the prototype of tmp like with merge algorithm.因为我用我的 object 从递归调用创建了新原型,所以我没有像合并算法那样修改 tmp 的原型。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何封装第三方JavaScript文件,以免污染全局范围? - How do I encapsulate third-party JavaScript files so they don't pollute the global scope? 为什么 Javascript 中的构造函数没有 Function 作为它们的原型? - Why don't constructor functions in Javascript have Function as their prototype? 不懂JavaScript原型 - Don't understand JavaScript prototype 我不了解原型的javascript部分 - I don't understand this part of the javascript by prototype 原型中的函数声明会“污染”原型吗? - Do function declarations in a prototype “pollute” the prototype? 为什么使用原型的此javascript代码有效? - Why does this javascript code using prototype work? 为什么这个Javascript Prototype代码失败了? - Why does this Javascript Prototype code fail? 为什么JavaScript中的对象不能成为它自己的原型? - Why can't an object in JavaScript be a prototype of itself? 为什么这个Javascript原型没有被覆盖 - Why doesn't this Javascript prototype get overwriten 为什么我不能在我的javascript代码中继承Animal类的原型? - Why can't I inherit the prototype of the Animal class in my javascript code?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM