Ask questionsImplement a __proto__ check option
Eran Hammer posted an article on proto poisoning and his solution in joi/hapi: https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061
@rgrove posted a simple implementation of a fix for this: https://gist.github.com/rgrove/3ea9421b3912235e978f55e291f19d5d
However the fix requires a custom reviver that might slow down the default/valid parsing case, Eran prevented this by using an initial check for
__proto__. It might be good to add this as a default to be checked for in body-parser in general that can be switched off... if someone wants to do so.
Answer questions RA80533
Do any of you personally use Express without prototype sanitization? What areas of your services would suffer as a result of Express handling prototype sanitization?