|
1 | | -/* js-yaml 3.13.0 https://github.com/nodeca/js-yaml */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.jsyaml = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){ |
| 1 | +/* js-yaml 3.13.1 https://github.com/nodeca/js-yaml */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.jsyaml = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){ |
2 | 2 | 'use strict'; |
3 | 3 |
|
4 | 4 |
|
@@ -1007,6 +1007,8 @@ var PATTERN_TAG_HANDLE = /^(?:!|!!|![a-z\-]+!)$/i; |
1007 | 1007 | var PATTERN_TAG_URI = /^(?:!|[^,\[\]\{\}])(?:%[0-9a-f]{2}|[0-9a-z\-#;\/\?:@&=\+\$,_\.!~\*'\(\)\[\]])*$/i; |
1008 | 1008 |
|
1009 | 1009 |
|
| 1010 | +function _class(obj) { return Object.prototype.toString.call(obj); } |
| 1011 | + |
1010 | 1012 | function is_EOL(c) { |
1011 | 1013 | return (c === 0x0A/* LF */) || (c === 0x0D/* CR */); |
1012 | 1014 | } |
@@ -1264,16 +1266,29 @@ function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valu |
1264 | 1266 |
|
1265 | 1267 | // The output is a plain object here, so keys can only be strings. |
1266 | 1268 | // We need to convert keyNode to a string, but doing so can hang the process |
1267 | | - // (deeply nested arrays that explode exponentially using aliases) or execute |
1268 | | - // code via toString. |
| 1269 | + // (deeply nested arrays that explode exponentially using aliases). |
1269 | 1270 | if (Array.isArray(keyNode)) { |
| 1271 | + keyNode = Array.prototype.slice.call(keyNode); |
| 1272 | + |
1270 | 1273 | for (index = 0, quantity = keyNode.length; index < quantity; index += 1) { |
1271 | 1274 | if (Array.isArray(keyNode[index])) { |
1272 | 1275 | throwError(state, 'nested arrays are not supported inside keys'); |
1273 | 1276 | } |
| 1277 | + |
| 1278 | + if (typeof keyNode === 'object' && _class(keyNode[index]) === '[object Object]') { |
| 1279 | + keyNode[index] = '[object Object]'; |
| 1280 | + } |
1274 | 1281 | } |
1275 | 1282 | } |
1276 | 1283 |
|
| 1284 | + // Avoid code execution in load() via toString property |
| 1285 | + // (still use its own toString for arrays, timestamps, |
| 1286 | + // and whatever user schema extensions happen to have @@toStringTag) |
| 1287 | + if (typeof keyNode === 'object' && _class(keyNode) === '[object Object]') { |
| 1288 | + keyNode = '[object Object]'; |
| 1289 | + } |
| 1290 | + |
| 1291 | + |
1277 | 1292 | keyNode = String(keyNode); |
1278 | 1293 |
|
1279 | 1294 | if (_result === null) { |
|
0 commit comments