From 48bb3823ee7bffc6748a3035895b6e622cf6ca22 Mon Sep 17 00:00:00 2001
From: Zack
Date: Mon, 20 Jul 2020 14:19:03 -0700
Subject: [PATCH 1/3] use null prototype objects for languages/aliases
---
 src/highlight.js | 4 ++--
 test/api/getLanguage.js | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/src/highlight.js b/src/highlight.js
index 4f98f38ea5..b16efe83a0 100644
--- a/src/highlight.js
+++ b/src/highlight.js
@@ -29,9 +29,9 @@ const HLJS = function(hljs) {
 // Global internal variables used within the highlight.js library.
 /** @type {Record} */
- var languages = {};
+ var languages = Object.create(null);
 /** @type {Record} */
- var aliases = {};
+ var aliases = Object.create(null);
 /** @type {HLJSPlugin[]} */
 var plugins = [];
diff --git a/test/api/getLanguage.js b/test/api/getLanguage.js
index d2654a4f63..422fd57952 100644
--- a/test/api/getLanguage.js
+++ b/test/api/getLanguage.js
@@ -41,4 +41,34 @@ describe('.getLanguage()', () => {
 result.should.have.property('aliases').with.containEql('cs');
 should.strictEqual(result, hljs.getLanguage('csharp'))
 });
+
+ it('should not succeed for hasOwnProperty', () => {
+ const result = hljs.getLanguage('hasOwnProperty');
+
+ should.strictEqual(result, undefined);
+ });
+
+ it('should not succeed for toString', () => {
+ const result = hljs.getLanguage('toString');
+
+ should.strictEqual(result, undefined);
+ });
+
+ it('should not succeed for valueOf', () => {
+ const result = hljs.getLanguage('valueOf');
+
+ should.strictEqual(result, undefined);
+ });
+
+ it('should not succeed for constructor', () => {
+ const result = hljs.getLanguage('constructor');
+
+ should.strictEqual(result, undefined);
+ });
+
+ it('should not succeed for __proto__', () => {
+ const result = hljs.getLanguage('__proto__');
+
+ should.strictEqual(result, undefined);
+ });
 });
From 214665dd1afae177cf1d17ed435b6d06ebfe9df1 Mon Sep 17 00:00:00 2001
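Review bot: The two `Object.create(null)` initialisers in `src/highlight.js` carry no comment saying why the tables are prototype-less, and the `@type {Record}` annotations above them read exactly as before, so a later cleanup back to `{}` would quietly let names such as `constructor` or `__proto__` resolve against `Object.prototype` again. I would add a line above `languages` such as `// null-prototype: caller-supplied names must never resolve to inherited Object.prototype members`. Any code elsewhere in this closure that calls `languages.hasOwnProperty(...)` or `aliases.hasOwnProperty(...)` directly would now throw, because these objects no longer inherit that method; none is visible in this hunk, so it is worth a grep, switching to `Object.prototype.hasOwnProperty.call(languages, name)` where found. The enclosing `HLJS` function starts and ends outside the hunk.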
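Review bot: The five new cases in `test/api/getLanguage.js` exercise only the read path through `hljs.getLanguage`, so nothing here pins the `aliases` table on its own or any other entry point that indexes `languages` with a caller-supplied name. If such entry points exist (none are visible in this patch), one case each using `'constructor'` or `'__proto__'` would keep the guarantee from resting on a single accessor. A short comment above the first new `it`, for example `// names inherited from Object.prototype must not resolve to a language`, would also tell a reader why these particular strings were chosen. The `describe` block starts outside the hunk.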
From: Zack
Date: Mon, 20 Jul 2020 15:52:53 -0700
Subject: [PATCH 2/3] update changes
---
 CHANGES.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index b530661178..c641b19cfd 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -8,10 +8,12 @@ Language Improvements:
 - enh(matlab) Add new R2019b `arguments` keyword and fix `enumeration` keyword (#2619) [Andrew Janke][]
 - fix(kotlin) Remove very old keywords and update example code (#2623) [kageru][]
+- fix(night) Prevent object prototypes method values from being returned in `getLanguage` (#2636) [night][]
 [Andrew Janke]: https://github.com/apjanke
 [Samia Ali]: https://github.com/samiaab1990
 [kageru]: https://github.com/kageru
+[night]: https://github.com/night
 ## Version 10.1.1
From fb1022e59745853d037822a238161ff2e6fffa4b Mon Sep 17 00:00:00 2001
From: Zack
Date: Mon, 20 Jul 2020 17:18:44 -0700
Subject: [PATCH 3/3] remove a few tests per request
---
 test/api/getLanguage.js | 18 ------------------
 1 file changed, 18 deletions(-)
diff --git a/test/api/getLanguage.js b/test/api/getLanguage.js
index 422fd57952..ae14ebb92e 100644
--- a/test/api/getLanguage.js
+++ b/test/api/getLanguage.js
@@ -42,24 +42,6 @@ describe('.getLanguage()', () => {
 should.strictEqual(result, hljs.getLanguage('csharp'))
 });
- it('should not succeed for hasOwnProperty', () => {
- const result = hljs.getLanguage('hasOwnProperty');
-
- should.strictEqual(result, undefined);
- });
-
- it('should not succeed for toString', () => {
- const result = hljs.getLanguage('toString');
-
- should.strictEqual(result, undefined);
- });
-
- it('should not succeed for valueOf', () => {
- const result = hljs.getLanguage('valueOf');
-
- should.strictEqual(result, undefined);
- });
-
 it('should not succeed for constructor', () => {
 const result = hljs.getLanguage('constructor');