Unique Indices will fail for some user input - Githubissues

techfort / LokiJS

javascript embeddable / in-memory database

http:/techfort.github.io/LokiJS

MIT License

6.73k stars 482 forks source link

Unique Indices will fail for some user input #839

Closed radex closed 4 years ago

radex commented 4 years ago

because of this:

    function UniqueIndex(uniqueField) {
      this.keyMap = {};
    };
    /* snip */
    UniqueIndex.prototype.get = function (key) {
      return this.keyMap[key];
    };

collection.by(key, xxx) cannot have any unsanitized xxx input or it might fail. For example, this.keyMap['hasOwnProperty'] will always be truthy.

One simple solution is to use Object.create(null) instead of {}, so that the object has no prototype.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

radex commented 4 years ago

no, bot