From dbd423e62f4742a9f91a8a6b67b00ce1869ac09b Mon Sep 17 00:00:00 2001
From: arjunshibu
Date: Thu, 7 Jan 2021 16:38:50 +0530
Subject: [PATCH] Security fix for Prototype Pollution

---
 src/index.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/index.js b/src/index.js
index ef79bb4..9141857 100644
--- a/src/index.js
+++ b/src/index.js
@@ -54,6 +54,13 @@ const removeEmptyInArray = array => array.filter(value => !!value);
  */
 const removeQuotesInString = string => string.replace(/(['"])/g, '');
 
+/**
+ * Blacklist certain keys to prevent Prototype Pollution
+ * @param key {string}
+ * @returns {boolean}
+ */
+const isPrototypePolluted = key => ['__proto__', 'constructor', 'prototype'].includes(key);
+
 
 // main function
 /**
@@ -84,6 +91,9 @@ const digger = (
   for (index = 0; index < classified.length; index++) {
     let current = classified[index];
+
+    if (isPrototypePolluted(current))
+      continue;
 
     if (isQuoted(current)) {
       current = removeQuotesInString(current);
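Review bot: The name `isPrototypePolluted` reads as a check on whether the prototype has already been polluted, whereas the new function at `const isPrototypePolluted = key => [...]` classifies a path segment as a pollution vector; a name such as `isPrototypePollutionKey` or `isForbiddenKey` would say that, and the JSDoc should use the conventional `{type} name` order, `@param {string} key - path segment to test`. Because the `includes` comparison is an exact match on the raw string, every caller must pass the segment in its final, normalized form; a one-line comment stating that, `// exact match: callers must pass the unquoted, trimmed segment`, would make the contract visible.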
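Review bot: The new blacklist check on `current` runs before the quote-stripping two lines below, so a quoted segment such as `'__proto__'` is compared in its quoted form, misses the blacklist, and is then turned into the bare key by `removeQuotesInString`; assuming `isQuoted` accepts such a segment (its definition is outside the hunk), this bypasses the fix. Move `if (isPrototypePolluted(current)) continue;` to after the `isQuoted` block closes, or repeat it on the unquoted value, so the check sees the key that is actually used. Silently skipping the segment with `continue` also rewrites the meaning of the path instead of rejecting it, so `a.__proto__.b` is treated as `a.b`; throwing on such input may be preferable, but that depends on the library's contract. The enclosing `for` loop and `digger` continue past the end of the hunk.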