Merge pull request #240 from AmazingMech2418/patch-1

Fix #239

Author: richardgirges

lib/processNested.js

@@ -1,4 +1,6 @@
-const INVALID_KEYS = ['__proto__', 'constructor'];
+const OBJECT_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Object.prototype);
+const ARRAY_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Array.prototype);
+
 
 module.exports = function(data){
   if (!data || data.length < 1) return {};
@@ -19,7 +21,8 @@ module.exports = function(data){
       let k = keyParts[index];
 
       // Ensure we don't allow prototype pollution
-      if (INVALID_KEYS.includes(k)) {
+      const IN_ARRAY_PROTOTYPE = ARRAY_PROTOTYPE_KEYS.includes(k) && Array.isArray(current);
+      if (OBJECT_PROTOTYPE_KEYS.includes(k) || IN_ARRAY_PROTOTYPE) {
         continue;
       }
 
@@ -32,5 +35,7 @@ module.exports = function(data){
     }
   }
 
+  
+  
   return d;
-};
+};