#2219 Frezing object to protect the prototype

2025-09-19 07:19:41 +02:00 · 2021-08-05 00:40:21 +02:00
parent af7f5d0aaf
commit f8891beb0a
3 changed files with 21 additions and 3 deletions
--- a/cypress/platform/knsv.html
+++ b/cypress/platform/knsv.html
@@ -57,9 +57,8 @@ subgraph CompositeState
 end
 </div>
 <div class="mermaid" style="width: 100%; height: 20%;">
-%%{init: { '__proto__': {'vuln': 'test'}} }%%
-%%{init: { '__proto__': {'vuln': 'test'}} }%%
-
+%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%%
+%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%%
 sequenceDiagram
 Alice->>Bob: Hi Bob
 Bob->>Alice: Hi Alice
--- a/cypress/platform/xss2.html
+++ b/cypress/platform/xss2.html
@@ -44,6 +44,13 @@
      graph LR
          A --> B
    </div>
+    <div class="mermaid">
+      %%{init: { 'prototype': {'__proto__': {'polluted': 'test'}}} }%%
+      %%{init: { 'prototype': {'__proto__': {'polluted': 'test'}}} }%%
+      sequenceDiagram
+      Alice->>Bob: Hi Bob
+      Bob->>Alice: Hi Alice
+    </div>
    <script src="./mermaid.js"></script>
    <script>
      mermaid.initialize({