From db7ec8b44e80b944e0f313b9ec967b5a54df2813 Mon Sep 17 00:00:00 2001
From: Mario Heiderich <mario@cure53.de>
Date: Thu, 27 Aug 2020 13:57:48 +0200
Subject: [PATCH] chore: added test for prototype pollution protection

---
 test/test-suite.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/test/test-suite.js b/test/test-suite.js
index 03c8d514b..27037d9da 100644
--- a/test/test-suite.js
+++ b/test/test-suite.js
@@ -1464,4 +1464,16 @@ module.exports = function (DOMPurify, window, tests, xssTests) {
       ]);
     }
   );
+  QUnit.test(
+    'Test protection from prototype pollution attacks',
+    function (assert) {
+
+      const obj = JSON.parse('{"ALLOWED_ATTR":["onerror","src"]}');
+      for (let [k, v] of Object.entries(obj)) {
+        Object.prototype[k] = v;
+      }
+      var clean = DOMPurify.sanitize('<img src=x onerror=alert(1)>');
+      assert.equal(clean, '<img src="x">');
+    }
+  );
 };