From e5bd455dcff34a89a0921f863d9b8ed989ff701e Mon Sep 17 00:00:00 2001
From: mtyszczak <mateusz.tyszczak@gmail.com>
Date: Wed, 26 Mar 2025 13:10:47 +0100
Subject: [PATCH] Prevent prototype pollution in iterate utility function

---
 ts/wasm/lib/detailed/util/iterate.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ts/wasm/lib/detailed/util/iterate.ts b/ts/wasm/lib/detailed/util/iterate.ts
index 3e0061557..f7cd6c35d 100644
--- a/ts/wasm/lib/detailed/util/iterate.ts
+++ b/ts/wasm/lib/detailed/util/iterate.ts
@@ -5,6 +5,9 @@ export const iterate = <T extends Record<string, any>>(source: DeepPartial<T>, t
     return source;
 
   for(const itKey in (target as DeepPartial<T>)) {
+    // Prevent prototype pollution
+    if (itKey === "__proto__" || itKey === "constructor") continue;
+
     if(typeof target[itKey] !== "object") {
       source[itKey] = target[itKey] as any;
 
-- 
GitLab