From e7620114622f57f9da6af0c26eac6be7f52cfbae Mon Sep 17 00:00:00 2001 From: "Alexander V. Wolf" Date: Sat, 28 Sep 2024 21:14:38 +0700 Subject: [PATCH] Fix code scanning alert no. 1: Prototype-polluting function Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- plugins/RemoteControl/webroot/js/globalize.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/RemoteControl/webroot/js/globalize.js b/plugins/RemoteControl/webroot/js/globalize.js index 620a89b30e4c7..e2eec251af560 100644 --- a/plugins/RemoteControl/webroot/js/globalize.js +++ b/plugins/RemoteControl/webroot/js/globalize.js @@ -320,6 +320,10 @@ extend = function() { if ( (options = arguments[ i ]) != null ) { // Extend the base object for ( name in options ) { + // Skip special properties to prevent prototype pollution + if (name === "__proto__" || name === "constructor") { + continue; + } src = target[ name ]; copy = options[ name ];