Fix: Possible prototype pollution if constructor were used in a dat…

…a property name 418sec/huntr#827
DataTables · Oct 25, 2020 · a51cbe9 · a51cbe9
1 parent d878f88
commit a51cbe9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/js/core/core.data.js b/js/core/core.data.js
@@ -357,7 +357,7 @@ function _fnSetObjectDataFn( mSource )
 			for ( var i=0, iLen=a.length-1 ; i<iLen ; i++ )
 			{
 				// Protect against prototype pollution
-				if (a[i] === '__proto__') {
+				if (a[i] === '__proto__' || a[i] === 'constructor') {
 					throw new Error('Cannot set prototype values');
 				}