fix: prototype pollution

for curiousity’s sake, I checked if this has any
significant performance impact and it does not.

Based on 10 runs before and after, all values in
percent:

                         MED    AVG
get first level property 0.37	0.42
get second level property 0.40	0.61
get third level property 0.26	0.41
set first level property 2.25	2.16
set second level property 1.45	1.67
set third level property 2.05	1.98
push property into array -0.41	-0.51

2.25% slowdown as a worst case is not significant.

Author: janl

jsonpointer.js

@@ -17,6 +17,9 @@ function setter (obj, pointer, value) {
   var part
   var hasNextPart
 
+  if (pointer[1] === 'constructor' && pointer[2] === 'prototype') return obj
+  if (pointer[1] === '__proto__') return obj
+
   for (var p = 1, len = pointer.length; p < len;) {
     part = untilde(pointer[p++])
     hasNextPart = len > p

test.js

@@ -128,4 +128,12 @@ assert.equal(pointer.set(a, 'test'), 'bar')
 assert.equal(pointer.get(a), 'test')
 assert.deepEqual(a, {foo: 'test'})
 
+var b = {}
+jsonpointer.set({}, '/constructor/prototype/boo', 'polluted')
+assert(!b.boo, 'should not boo')
+
+var c = {}
+jsonpointer.set({}, '/__proto__/boo', 'polluted')
+assert(!c.boo, 'should not boo')
+
 console.log('All tests pass.')