File tree Expand file tree Collapse file tree 2 files changed +3
-2
lines changed Expand file tree Collapse file tree 2 files changed +3
-2
lines changed Original file line number Diff line number Diff line change @@ -43,15 +43,16 @@ module.exports = function (bodyParser) {
4343 return next ( err ) ;
4444 }
4545
46- // Prevent setting __proto__ and constructor.prototype
4746 if ( xml ) {
4847 // Guard against prototype pollution
4948 delete xml . __proto__ ;
5049 delete xml . constructor ;
5150 delete xml . prototype ;
5251
52+ // Set result on the request body
5353 req . body = xml ;
5454 }
55+
5556 next ( ) ;
5657 } ) ;
5758 } ) ;
Original file line number Diff line number Diff line change @@ -140,7 +140,7 @@ describe('XML Body Parser', function () {
140140 . expect ( 200 , { parsed : { } } , done ) ;
141141 } ) ;
142142
143- it ( 'should not set/change using __proto__ ' , function ( done ) {
143+ it ( 'should not set/change using prototype ' , function ( done ) {
144144 createServer ( ) ;
145145 request ( app )
146146 . post ( '/' )
You can’t perform that action at this time.
0 commit comments