`require('query-string').parse('hasOwnProperty&hasOwnProperty');` breaks

[cspotcode]

Unsafe usage of hasOwnProperty means that parsing certain query strings will throw an error.

The following cases are also not working correctly:

qs.parse('__proto__');
qs.parse('__proto__&__proto__');

Object.create(null) should fix the problem.

[sindresorhus]

Wanna do a pull request? :)

[cspotcode]

Sorry, I can't. I'm busy with some other things at least for the time being.

[cspotcode]

Just a reminder that, as of v3.0.3, this bug is unresolved.

// Reproduction:
require('query-string').parse('hasOwnProperty&b');

[gabrielecirulli]

Just a side note, this should have been noted in some sort of a changelog (I couldn't find any, sorry if there is one and I didn't see it). I got bit by a case where I was using "hasOwnProperty" on a parsed query string and it stopped working.