Disable prototype poisoning option (#1414) (#1420)

* Introduce disablePrototypePoisoningProtection option * Updated test * Updated docs * Fix bundler test Co-authored-by: Tomas Della Vedova <delvedor@users.noreply.github.com>
2021-03-15 08:52:34 +01:00
parent 9fe088589c
commit 528b90d19a
9 changed files with 166 additions and 31 deletions
--- a/docs/basic-config.asciidoc
+++ b/docs/basic-config.asciidoc
@ -244,4 +244,8 @@ const client = new Client({
 })
 ----

+|`disablePrototypePoisoningProtection`
+|`boolean`, `'proto'`, `'constructor'` - By the default the client will protect you against prototype poisoning attacks. Read https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08[this article] to learn more. If needed you can disable prototype poisoning protection entirely or one of the two checks. Read the `secure-json-parse` https://github.com/fastify/secure-json-parse[documentation] to learn more. +
+_Default:_ `false`
+
 |===