Reset prototype of XML after parsing

yadhukrishnam · yadhukrishnam · commit 9e569b71967d · 2021-05-18T17:35:12.000+05:30
diff --git a/index.js b/index.js
@@ -43,6 +43,8 @@ module.exports = function (bodyParser) {
             return next(err);
           }
 
+          // Set the prototype of parsed xml object to null, so that prototype pollution is prevented.
+          xml.__proto__ = undefined;
           req.body = xml || req.body;
           next();
         });

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@ module.exports = function (bodyParser) {`
`43`	`43`	`return next(err);`
`44`	`44`	`}`
`45`	`45`
	`46`	`+ // Set the prototype of parsed xml object to null, so that prototype pollution is prevented.`
	`47`	`+ xml.__proto__ = undefined;`
`46`	`48`	`req.body = xml \|\| req.body;`
`47`	`49`	`next();`
`48`	`50`	`});`