From e469741dca7df2eb400199e1cdb74621e3f89aa5 Mon Sep 17 00:00:00 2001 From: mde Date: Fri, 12 Apr 2024 08:06:40 -0700 Subject: [PATCH] Basic pollution protection --- lib/ejs.js | 5 +++-- lib/utils.js | 9 +++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/ejs.js b/lib/ejs.js index 65590eae..1153b53f 100755 --- a/lib/ejs.js +++ b/lib/ejs.js @@ -506,8 +506,8 @@ exports.clearCache = function () { exports.cache.reset(); }; -function Template(text, opts) { - opts = opts || utils.createNullProtoObjWherePossible(); +function Template(text, optsParam) { + var opts = utils.hasOwnOnlyObject(optsParam); var options = utils.createNullProtoObjWherePossible(); this.templateText = text; /** @type {string | null} */ @@ -949,3 +949,4 @@ exports.name = _NAME; if (typeof window != 'undefined') { window.ejs = exports; } + diff --git a/lib/utils.js b/lib/utils.js index a0434d58..396edb36 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -238,4 +238,13 @@ exports.createNullProtoObjWherePossible = (function () { }; })(); +exports.hasOwnOnlyObject = function (obj) { + var o = exports.createNullProtoObjWherePossible(); + for (var p in obj) { + if (hasOwn(obj, p)) { + o[p] = obj[p]; + } + } + return o; +};