@@ -131,12 +131,30 @@ describe('XML Body Parser', function () {
131131 . expect ( 400 , done ) ;
132132 } ) ;
133133
134- it ( 'should not set/change prototype' , function ( done ) {
134+ it ( 'should not set/change prototype using __proto__ ' , function ( done ) {
135135 createServer ( ) ;
136136 request ( app )
137137 . post ( '/' )
138138 . set ( 'Content-Type' , 'application/xml' )
139139 . send ( '<__proto__><name>Bob</name></__proto__>' )
140- . expect ( 200 , { parsed : { name : [ 'Bob' ] } } , done ) ;
140+ . expect ( 200 , { parsed : { } } , done ) ;
141+ } ) ;
142+
143+ it ( 'should not set/change using __proto__' , function ( done ) {
144+ createServer ( ) ;
145+ request ( app )
146+ . post ( '/' )
147+ . set ( 'Content-Type' , 'application/xml' )
148+ . send ( '<prototype><name>Bob</name></prototype>' )
149+ . expect ( 200 , { parsed : { } } , done ) ;
150+ } ) ;
151+
152+ it ( 'should not set/change using constructor' , function ( done ) {
153+ createServer ( ) ;
154+ request ( app )
155+ . post ( '/' )
156+ . set ( 'Content-Type' , 'application/xml' )
157+ . send ( '<constructor><name>Bob</name></constructor>' )
158+ . expect ( 200 , { parsed : { } } , done ) ;
141159 } ) ;
142160} ) ;
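Review bot: The second added test (new line 143) is titled 'should not set/change using __proto__' but sends `<prototype>…</prototype>`, so a failure would be reported under the wrong key; rename it to `it('should not set/change prototype using prototype', function (done) {` and drop the trailing space in the title at new line 134. All three tests assert only the response body `{ parsed: {} }`, which shows the reserved key was left out of the serialized result but not that shared prototypes stayed untouched; a direct check in the completion callback, for example `assert.strictEqual(({}).name, undefined);` (assuming an assert helper is available in this test file), would pin that. The payloads also put the reserved name only at the root element, so a case with it nested under an ordinary element would be worth adding if the filter is meant to apply at every depth.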