Testing version: 0.8.31 [Test 1] Array literal with Map.prototype (original vulnerability) [Test 2] Object literal with Map.prototype property [Test 3] Nested array with prototype [Test 4] Array destructuring [Test 5] Spread operator [Test 6] Array concat [Test 7] Array slice [Test 8] Function constructor prototype [Test 9] Object.create with Map.prototype [Test 10] Class extending Map [Test 11] Set prototype via array [Test 12] Array prototype via array [Test 13] Object prototype via array [Test 14] Using .constructor.prototype [Test 15] Using __proto__ via array ---RESULTS--- { "version": "0.8.31", "tests": [ { "name": "Array literal Map.prototype", "code": "const arr = [Map.prototype]; arr[0]._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Object literal Map.prototype", "code": "const obj = {p: Map.prototype}; obj.p._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Nested array", "code": "const arr = [[Map.prototype]]; const p = arr[0][0]; p._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Array destructuring", "code": "const [p] = [Map.prototype]; p._test = \"pwned\"; return \"done\";", "error": "Unexpected token 'const': const [p] = [Map.prototype]", "result": null, "polluted": false, "blocked": false }, { "name": "Spread operator", "code": "const arr = [...[Map.prototype]]; arr[0]._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Array concat", "code": "const arr = [].concat([Map.prototype]); arr[0]._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Array slice", "code": "const arr = [Map.prototype]; const p = arr.slice(0)[0]; p._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Function constructor", "code": "function F(){}; F.prototype._test = \"pwned\"; const f = new F(); return f._test;", "error": null, "result": "pwned", "polluted": false, "blocked": null }, { "name": "Object.create", "code": "const obj = Object.create(Map.prototype); obj._test = \"pwned\"; return \"done\";", "error": "Static method or property access not permitted: Object.create", "result": null, "polluted": false, "blocked": true }, { "name": "Class extends", "code": "class M extends Map {}; M.prototype._test = \"pwned\"; return \"done\";", "error": "Unexpected token 'class': class M extends Map {}", "result": null, "polluted": false, "blocked": false }, { "name": "Set prototype array", "code": "const arr = [Set.prototype]; arr[0]._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Array prototype array", "code": "const arr = [Array.prototype]; arr[0]._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "Object prototype array", "code": "const arr = [Object.prototype]; arr[0]._test = \"pwned\"; return \"done\";", "error": "Static method or property access not permitted: Object.prototype", "result": null, "polluted": false, "blocked": true }, { "name": "Constructor.prototype", "code": "const arr = [new Map()]; const p = arr[0].constructor.prototype; p._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true }, { "name": "__proto__ via array", "code": "const arr = [new Map()]; const p = arr[0].__proto__; p._test = \"pwned\"; return \"done\";", "error": "Access to prototype of global object is not permitted", "result": null, "polluted": false, "blocked": true } ] }