Fix: check for ownProperties on Richtext renderer HTML attributes

Edo-San commented 2 months ago

Pull request type

[x] Bugfix
[ ] Feature
[ ] Code style update (formatting, renaming)
[ ] Refactoring (no functional changes, no api changes)
[ ] Other (please describe):

How to test this PR

Add a property to tag.attrs prototype
Render a Richtext field
Check that the added property is NOT looped over

What is the new behavior?

This PR fixes a potential security issue related to looping over object properties without assessing if they are object own properties or part of the prototype chain.

notion-workspace[bot] commented 2 months ago

Avoid looping over other prototype chain properties in richtextResolver

github-actions[bot] commented 1 month ago

:tada: This PR is included in version 6.8.2 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

storyblok / storyblok-js-client

Fix: check for ownProperties on Richtext renderer HTML attributes #848

Pull request type

How to test this PR

What is the new behavior?