#2219 Frezing object to protect the prototype

cypress/platform/knsv.html

@@ -57,9 +57,8 @@ subgraph CompositeState
 end
 </div>
 <div class="mermaid" style="width: 100%; height: 20%;">
-%%{init: { '__proto__': {'vuln': 'test'}} }%%
+%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%%
-%%{init: { '__proto__': {'vuln': 'test'}} }%%
+%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%%
-
 sequenceDiagram
 Alice->>Bob: Hi Bob
 Bob->>Alice: Hi Alice

cypress/platform/xss2.html

@@ -44,6 +44,13 @@
       graph LR
           A --> B
     </div>
+    <div class="mermaid">
+      %%{init: { 'prototype': {'__proto__': {'polluted': 'test'}}} }%%
+      %%{init: { 'prototype': {'__proto__': {'polluted': 'test'}}} }%%
+      sequenceDiagram
+      Alice->>Bob: Hi Bob
+      Bob->>Alice: Hi Alice
+    </div>
     <script src="./mermaid.js"></script>
     <script>
       mermaid.initialize({

src/utils.js

@@ -77,8 +77,20 @@ export const detectInit = function (text, cnf) {
           log.debug('sanitize deleting prototype option', args[key]);
           delete args[argKey][key];
         }
+
+        if (key.indexOf('proto') >= 0) {
+          log.debug('sanitize deleting prototype option', args[key]);
+          delete args[argKey][key];
+        }
+
+        if (key.indexOf('constr') >= 0) {
+          log.debug('sanitize deleting prototype option', args[key]);
+          delete args[argKey][key];
+        }
       });
     });
+    Object.freeze(Object.prototype);
+    Object.freeze(Object);
     results = assignWithDepth(results, [...args]);
   } else {
     results = inits.args;