fix(security): harden account-key handling against prototype pollution

2026-05-08 01:11:23 +00:00 · 2026-02-24 01:09:23 +00:00
parent 12cc754332
commit f97c0922e1
24 changed files with 141 additions and 111 deletions
--- a/src/infra/prototype-keys.ts
+++ b/src/infra/prototype-keys.ts
@@ -0,0 +1,5 @@
+const BLOCKED_OBJECT_KEYS = new Set(["__proto__", "prototype", "constructor"]);
+
+export function isBlockedObjectKey(key: string): boolean {
+  return BLOCKED_OBJECT_KEYS.has(key);
+}