Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit d2770b2

Browse filesBrowse files
alexbrasetvikalexbrasetvik
committed
fixup! Sanitize sourceURL so it cannot affect evaled code
1 parent 2fa5232 commit d2770b2
Copy full SHA for d2770b2

File tree

Expand file treeCollapse file tree

1 file changed

+2
-2
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+2
-2
lines changed

‎lodash.js

Copy file name to clipboardExpand all lines: lodash.js
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14822,7 +14822,7 @@
1482214822
// to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in
1482314823
// and escape the comment, thus injecting code that gets evaled.
1482414824
var sourceURL = '//# sourceURL=' + (
14825-
options.sourceURL
14825+
hasOwnProperty.call(options, 'sourceURL')
1482614826
? (options.sourceURL + '').replace(/\s/g, ' ')
1482714827
: ('lodash.templateSources[' + (++templateCounter) + ']')
1482814828
) + '\n';
@@ -14856,7 +14856,7 @@
1485614856

1485714857
// If `variable` is not specified wrap a with-statement around the generated
1485814858
// code to add the data object to the top of the scope chain.
14859-
var variable = options.variable;
14859+
var variable = hasOwnProperty.call(options, 'variable') && options.variable;
1486014860
if (!variable) {
1486114861
source = 'with (obj) {\n' + source + '\n}\n';
1486214862
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.