-
Notifications
You must be signed in to change notification settings - Fork 196
/
proto-test.js
58 lines (52 loc) · 2.47 KB
/
proto-test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
const makeJSON = require('../index.js');
const expect = require('chai').expect;
describe('__proto__ and constructor assignment', function () {
it('should set __proto__ property but not a prototype if protoAction is set to preserve', () => {
const JSONbig = makeJSON({ protoAction: 'preserve' });
const obj1 = JSONbig.parse('{ "__proto__": 1000000000000000 }');
expect(Object.getPrototypeOf(obj1)).to.equal(null);
const obj2 = JSONbig.parse('{ "__proto__": { "admin": true } }');
expect(obj2.admin).to.not.equal(true);
});
it('should throw an exception if protoAction set to invalid value', () => {
expect(() => {
makeJSON({ protoAction: 'invalid value' });
}).to.throw(
'Incorrect value for protoAction option, must be "error", "ignore" or undefined but passed invalid value'
);
});
it('should throw an exception if constructorAction set to invalid value', () => {
expect(() => {
makeJSON({ constructorAction: 'invalid value' });
}).to.throw(
'Incorrect value for constructorAction option, must be "error", "ignore" or undefined but passed invalid value'
);
});
it('should throw an exception if protoAction set to error and there is __proto__ property', () => {
const JSONbig = makeJSON({ protoAction: 'error' });
expect(() =>
JSONbig.parse('{ "\\u005f_proto__": 1000000000000000 }')
).to.throw('Object contains forbidden prototype property');
});
it('should throw an exception if constructorAction set to error and there is constructor property', () => {
const JSONbig = makeJSON({ protoAction: 'error' });
expect(() => JSONbig.parse('{ "constructor": 1000000000000000 }')).to.throw(
'Object contains forbidden constructor property'
);
});
it('should ignore __proto__ property if protoAction is set to ignore', () => {
const JSONbig = makeJSON({ protoAction: 'ignore' });
const obj1 = JSONbig.parse(
'{ "__proto__": 1000000000000000, "a" : 42, "nested": { "__proto__": false, "b": 43 } }'
);
expect(Object.getPrototypeOf(obj1)).to.equal(null);
expect(obj1).to.deep.equal({ a: 42, nested: { b: 43 } });
});
it('should ignore constructor property if constructorAction is set to ignore', () => {
const JSONbig = makeJSON({ constructorAction: 'ignore' });
const obj1 = JSONbig.parse(
'{ "constructor": 1000000000000000, "a" : 42, "nested": { "constructor": false, "b": 43 } }'
);
expect(obj1).to.deep.equal({ a: 42, nested: { b: 43 } });
});
});