From 22357494f424178cb416cdb7d93b26dd4f824b36 Mon Sep 17 00:00:00 2001
|
From: Michael Aquilina <michaelaquilina@gmail.com>
|
Date: Mon, 14 Jun 2021 12:28:46 +0100
|
Subject: [PATCH] fix: Use a null prototype object for this.files
|
|
This approach is taken to prevent overriding object methods that would
|
exist on a normal object Object.create({})
|
|
[Retrieved from:
|
https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36]
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
---
|
lib/index.js | 5 ++++-
|
lib/object.js | 6 +++---
|
2 files changed, 7 insertions(+), 4 deletions(-)
|
|
diff --git a/lib/index.js b/lib/index.js
|
index b449877..b4c95ba 100644
|
--- a/lib/index.js
|
+++ b/lib/index.js
|
@@ -19,7 +19,10 @@ function JSZip() {
|
// "folder/" : {...},
|
// "folder/data.txt" : {...}
|
// }
|
- this.files = {};
|
+ // NOTE: we use a null prototype because we do not
|
+ // want filenames like "toString" coming from a zip file
|
+ // to overwrite methods and attributes in a normal Object.
|
+ this.files = Object.create(null);
|
|
this.comment = null;
|
|
diff --git a/lib/object.js b/lib/object.js
|
index 1c9d8e8..aec3db7 100644
|
--- a/lib/object.js
|
+++ b/lib/object.js
|
@@ -179,16 +179,16 @@ var out = {
|
*/
|
forEach: function(cb) {
|
var filename, relativePath, file;
|
+ /* jshint ignore:start */
|
+ // ignore warning about unwanted properties because this.files is a null prototype object
|
for (filename in this.files) {
|
- if (!this.files.hasOwnProperty(filename)) {
|
- continue;
|
- }
|
file = this.files[filename];
|
relativePath = filename.slice(this.root.length, filename.length);
|
if (relativePath && filename.slice(0, this.root.length) === this.root) { // the file is in the current root
|
cb(relativePath, file); // TODO reverse the parameters ? need to be clean AND consistent with the filter search fn...
|
}
|
}
|
+ /* jshint ignore:end */
|
},
|
|
/**
|
