SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358

[lhc/web/wiklou.git] / resources / lib / jquery / jquery.js

diff --git a/resources/lib/jquery/jquery.js b/resources/lib/jquery/jquery.js
index 9b5206b..34a5703 100644 (file)
--- a/resources/lib/jquery/jquery.js
+++ b/resources/lib/jquery/jquery.js
@@ -261,8 +261,9 @@ jQuery.extend = jQuery.fn.extend = function() {
                                src = target[ name ];
                                copy = options[ name ];
 
+                               // Prevent Object.prototype pollution
                                // Prevent never-ending loop
-                               if ( target === copy ) {
+                               if ( name === "__proto__" || target === copy ) {
                                        continue;
                                }