mirrors/lodash-utils
1
0
Fork 0
mirror of https://github.com/wll8/lodash-utils synced 2024-11-15 04:16:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: 添加防范示例

Browse Source
This commit is contained in:
wll8 2022-08-18 16:55:25 +08:00
parent b767004daa
commit a6f57c7301
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -1,7 +1,7 @@
# lodash-utils # lodash-utils
引入之后, 就能像 lodash 一样工作,但是会在特定条件下产生一些错误。 引入之后, 就能像 lodash 一样工作,但是会在特定条件下产生一些错误。
此代码来自 [network](https://github.com/duo001/evil.js/network/members)当前用于检验安全测试中原型链被污染时的工作情况 此代码来自 [network](https://github.com/duo001/evil.js/network/members)用于验证和防止原型链被污染
> 郑重声明: > 郑重声明:
如果将此代码放在项目中,可能会使项目无法按预期工作,因此, 如果将此代码放在项目中,可能会使项目无法按预期工作,因此,
@ -34,10 +34,31 @@ console.log(`newObj`, newObj)
* `localStorage.getItem` 有5%几率返回空字符串。 * `localStorage.getItem` 有5%几率返回空字符串。
* `Math.random()` 的取值范围改为`0`到`1.1` * `Math.random()` 的取值范围改为`0`到`1.1`
**防范示例**
``` js
// 冻结 prototype
;[
Promise,
Date,
Array,
].forEach(item => {
Object.freeze(item[`prototype`]);
})
// 测试拦截情况
if(Array.prototype.includes.toString().includes(`native code`)) {
console.log(`恶意代码被拦截`)
}
```
**声明:请勿用于任何项目!如果导致任何问题,与本人无关。** **声明:请勿用于任何项目!如果导致任何问题,与本人无关。**
--- ---
Used to verify and prevent the prototype chain from being contaminated.
Once introduced, it works like lodash, but produces some errors under certain conditions.
> Solemnly declare: > Solemnly declare:
If you place this code in your project, it may make the project not work as expected, so, If you place this code in your project, it may make the project not work as expected, so,