This adds a new Parser option, restrictMemberAccess, which can be used to prevent certain member properties from being accessed through the . operator.
it('should restrict certain member access', function () {
  // Names handed to restrictMemberAccess. The option is exercised here as a
  // denylist: only these names are expected to be refused, and every other
  // member (such as `c` below) stays readable.
  // NOTE(review): this test covers dot access to the three listed names only.
  // It does not show how unlisted names or any other access path are handled,
  // so confirm that separately before relying on the option as a sandbox boundary.
  var deniedNames = ['b', 'constructor', '__proto__'];
  var parser = new Parser({ allowMemberAccess: true, restrictMemberAccess: deniedNames });

  // A new scope object per evaluation, as in the original inline literals.
  function freshScope() {
    return { a: { b: 2, c: 3 } };
  }

  // Own data property that appears on the denylist.
  function readDeniedOwnProperty() {
    parser.evaluate('a.b', freshScope());
  }

  // No scope is passed for the next two, so `min` is resolved by the parser
  // itself (presumably its built-in function - confirm). These pin that the
  // prototype-related names are refused on a value the caller did not supply.
  function readProtoOfBuiltin() {
    parser.evaluate('min.__proto__');
  }

  function readConstructorOfBuiltin() {
    parser.evaluate('min.constructor');
  }

  // Sibling property that is NOT on the denylist.
  function readAllowedOwnProperty() {
    parser.evaluate('a.c', freshScope());
  }

  assert.throws(readDeniedOwnProperty, /access to member "b" is not permitted/);
  assert.throws(readProtoOfBuiltin, /access to member "__proto__" is not permitted/);
  assert.throws(readConstructorOfBuiltin, /access to member "constructor" is not permitted/);
  assert.doesNotThrow(readAllowedOwnProperty);
});
This adds a new Parser option
restrictMemberAccess
which can be used to prevent certain member properties from being accessed through the .
operator.