(input: string)
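/**
 * Run JSON.parse, but ignore `__proto__` properties. This prevents prototype pollution attacks
 * when the parsed value is later merged or assigned into other objects.
 *
 * The `noproto` reviver is applied whenever the raw text could encode a `__proto__` key:
 * either the literal substring is present, or the text contains a backslash. A JSON string
 * escape can spell the key without the literal substring ever appearing in the input, so a
 * check for the literal substring alone is not sufficient. Text with neither marker cannot
 * decode to that key and takes the plain parse, which avoids the reviver's per-property cost.
 *
 * NOTE(review): only the `__proto__` key is filtered; `constructor` / `prototype` keys pass
 * through unchanged. Confirm that downstream merge or assign code handles those.
 *
 * @param input - JSON text to parse.
 * @returns The parsed value. It is untyped (`any`), so callers should validate its shape.
 * @throws SyntaxError if `input` is not valid JSON.
 */
export function parseJSON(input: string): any {
  // Coerce defensively: callers outside the type checker may pass a non-string value.
  const text = String(input);

  // Every JSON escape sequence starts with a backslash, so a backslash-free text can only
  // contain the key in its literal form.
  const mayContainProtoKey = text.includes('__proto__') || text.includes('\\');

  if (mayContainProtoKey) {
    return JSON.parse(input, noproto);
  }

  return JSON.parse(input);
}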
| 11 | |
| 12 | export function noproto<T>(key: string, value: T): T | void { |
| 13 | if (key !== '__proto__') { |