Open mwilde345 opened 3 years ago
@mwilde345, they seem to parse with base class as `null` instead of Object to prevent prototype pollution.
We had a use case where, after parsing, we wanted all prototypes at nested levels in place, and we ended up using lodash deepClone to re-add the prototypes back at level
To avoid prototype pollution I think it's enough to create the object with null prototype, and once proto gets set, we can safely call setPrototypeOf upon the object.
Using `deepStrictEqual`, I assumed the equality check would pass when stringifying and parsing a simple object. But the Object prototype is still null after parsing with `json-bigint`, even with `protoAction: 'preserve'` set.
The check passes if I do `assert.deepStrictEqual(Object.assign({}, parsed), a)`
Is this intended? Is it simply because `JSON.stringify` doesn't preserve prototypes into `__proto__` keys?
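The behaviour discussed in this thread, as an added example that is not code from the thread or from json-bigint: `parseNullProto` is a hypothetical stand-in that builds null-prototype objects the way the parser is described above, and `restorePrototypes` is a hypothetical helper for the nested re-attachment mentioned in the replies. It uses `util.isDeepStrictEqual`, which applies the same comparison as `assert.deepStrictEqual`, and shows that the `Object.assign({}, parsed)` workaround only repairs the top level.

```javascript
// Added illustration. parseNullProto and restorePrototypes are hypothetical helpers.
const { isDeepStrictEqual } = require('util');

// Stand-in parser: rebuilds every parsed object on a null prototype.
function parseNullProto(text) {
  return JSON.parse(text, (_key, value) => {
    if (value === null || typeof value !== 'object' || Array.isArray(value)) return value;
    const bare = Object.create(null);
    // No inherited __proto__ setter here, so a "__proto__" key is stored as plain data.
    for (const k of Object.keys(value)) bare[k] = value[k];
    return bare;
  });
}

// Re-attach Object.prototype at every nesting level, in place.
function restorePrototypes(value) {
  if (value === null || typeof value !== 'object') return value;
  if (Object.getPrototypeOf(value) === null) Object.setPrototypeOf(value, Object.prototype);
  for (const k of Object.keys(value)) restorePrototypes(value[k]);
  return value;
}

function demo() {
  const a = { id: 1, nested: { ok: true } }; // constructed sample input
  const parsed = parseNullProto(JSON.stringify(a));
  // Strict deep equality also compares prototypes, so null vs Object.prototype differs.
  const rawEqual = isDeepStrictEqual(parsed, a);
  // Object.assign copies one level only; `nested` keeps its null prototype.
  const shallowEqual = isDeepStrictEqual(Object.assign({}, parsed), a);
  // A flat object has no nested level left to mismatch.
  const flatShallowEqual = isDeepStrictEqual(
    Object.assign({}, parseNullProto('{"id":1}')), { id: 1 });
  // Evaluated last because restorePrototypes mutates `parsed`.
  const restoredEqual = isDeepStrictEqual(restorePrototypes(parsed), a);
  return { rawEqual, shallowEqual, flatShallowEqual, restoredEqual };
}

console.log(demo());
```
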