fix: harden prototype pollution

harlan-zw · harlan-zw · commit a6ed9f989cb7 · 2026-03-10T15:18:30.000+11:00
diff --git a/packages/angular/server/src/ssr.service.ts b/packages/angular/server/src/ssr.service.ts
@@ -15,7 +15,7 @@ function attrToElement(element: HTMLElement, acc: string) {
   else if (key === 'style') {
     const styleObj = value.split(';').reduce((acc, style) => {
       const [prop, val] = style.split(':').map(s => s.trim())
-      if (prop && val)
+      if (prop && val && prop !== '__proto__' && prop !== 'constructor' && prop !== 'prototype')
         acc[prop] = val
       return acc
     }, {} as Record<string, string>)
diff --git a/packages/schema-org/src/core/graph.ts b/packages/schema-org/src/core/graph.ts
@@ -83,7 +83,7 @@ export function createSchemaOrgGraph(): SchemaOrgGraph {
       }
 
       // Dedupe and build nodeIndex in single pass
-      const dedupedNodes: Record<Id, SchemaOrgNode> = {}
+      const dedupedNodes: Record<Id, SchemaOrgNode> = Object.create(null)
       ctx.nodeIndex = new Map()
       for (let i = 0; i < ctx.nodes.length; i++) {
         const n = ctx.nodes[i]
@@ -128,7 +128,7 @@ export function createSchemaOrgGraph(): SchemaOrgGraph {
 
       // Final normalization: sort keys and dedupe only if new nodes were added
       const needsDedupe = ctx.nodes.length > countBeforeRelations
-      const normalizedNodes: Record<Id, SchemaOrgNode> = needsDedupe ? {} : null!
+      const normalizedNodes: Record<Id, SchemaOrgNode> = needsDedupe ? Object.create(null) : null!
       const result: SchemaOrgNode[] = needsDedupe ? null! : []
 
       for (let i = 0; i < ctx.nodes.length; i++) {
@@ -174,7 +174,7 @@ export function createSchemaOrgGraph(): SchemaOrgGraph {
     },
     nodes: [],
     nodeIndex: new Map(),
-    nodeIdCounters: {},
+    nodeIdCounters: Object.create(null),
     meta: {} as ResolvedMeta,
   }
   return ctx
diff --git a/packages/schema-org/src/core/util.ts b/packages/schema-org/src/core/util.ts
@@ -1,9 +1,11 @@
+const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype'])
+
 export function merge(target: any, source: any): any {
   if (!source)
     return target
 
   for (const key in source) {
-    if (!Object.prototype.hasOwnProperty.call(source, key))
+    if (!Object.hasOwn(source, key) || UNSAFE_KEYS.has(key))
       continue
 
     const value = source[key]
@@ -28,7 +30,7 @@ export function merge(target: any, source: any): any {
         }
         // potentialAction - dedupe by @type, merge targets
         else if (key === 'potentialAction') {
-          const byType: Record<string, any> = {}
+          const byType: Record<string, any> = Object.create(null)
           for (const action of merged) {
             const type = action['@type']
             if (byType[type]) {
diff --git a/packages/schema-org/src/plugin.ts b/packages/schema-org/src/plugin.ts
@@ -8,6 +8,8 @@ import {
 import { resolveMeta } from './core/resolve'
 import { loadResolver } from './resolver'
 
+const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype'])
+
 // Recursively collect all resolver strings from nested objects and preload them
 async function preloadNestedResolvers(obj: any): Promise<void> {
   if (!obj || typeof obj !== 'object')
@@ -24,6 +26,8 @@ async function preloadNestedResolvers(obj: any): Promise<void> {
   }
 
   for (const key in obj) {
+    if (!Object.hasOwn(obj, key) || UNSAFE_KEYS.has(key))
+      continue
     const val = obj[key]
     if (val && typeof val === 'object') {
       if (Array.isArray(val)) {
@@ -44,7 +48,7 @@ async function preloadNestedResolvers(obj: any): Promise<void> {
 function mergeObjects(target: any, source: any): any {
   const result = { ...target }
   for (const key in source) {
-    if (!Object.prototype.hasOwnProperty.call(source, key) || source[key] === undefined)
+    if (!Object.hasOwn(source, key) || source[key] === undefined || UNSAFE_KEYS.has(key))
       continue
 
     const isNestedObject = result[key]
diff --git a/packages/schema-org/test/ssr/prototype-pollution.test.ts b/packages/schema-org/test/ssr/prototype-pollution.test.ts
@@ -0,0 +1,81 @@
+import { defineOrganization, defineWebPage, useSchemaOrg } from '@unhead/schema-org'
+import { renderSSRHead } from '@unhead/ssr'
+import { describe, expect, it } from 'vitest'
+import { useSetup } from '..'
+
+describe('schema.org prototype pollution', () => {
+  it('merge strips __proto__ from schema nodes', async () => {
+    const ssrHead = await useSetup((head) => {
+      useSchemaOrg(head, [
+        defineWebPage({
+          name: 'test',
+          ...JSON.parse('{"__proto__":{"polluted":true}}'),
+        }),
+      ])
+    })
+
+    await renderSSRHead(ssrHead)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('merge strips constructor from schema nodes', async () => {
+    const ssrHead = await useSetup((head) => {
+      useSchemaOrg(head, [
+        defineOrganization({
+          name: 'Test Org',
+          constructor: { prototype: { polluted: true } },
+        } as any),
+      ])
+    })
+
+    await renderSSRHead(ssrHead)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('merge strips prototype from schema nodes', async () => {
+    const ssrHead = await useSetup((head) => {
+      useSchemaOrg(head, [
+        defineWebPage({
+          name: 'test',
+          prototype: { polluted: true },
+        } as any),
+      ])
+    })
+
+    await renderSSRHead(ssrHead)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('preserves valid schema data while stripping dangerous keys', async () => {
+    const ssrHead = await useSetup((head) => {
+      useSchemaOrg(head, [
+        defineWebPage({
+          name: 'My Page',
+          description: 'A safe description',
+          ...JSON.parse('{"__proto__":{"polluted":true}}'),
+        }),
+      ])
+    })
+
+    const data = await renderSSRHead(ssrHead)
+    expect(data.bodyTags).toContain('"name": "My Page"')
+    expect(data.bodyTags).toContain('"description": "A safe description"')
+    expect(data.bodyTags).not.toContain('__proto__')
+    expect(data.bodyTags).not.toContain('polluted')
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('handles __proto__ in deeply nested objects', async () => {
+    const ssrHead = await useSetup((head) => {
+      useSchemaOrg(head, [
+        defineOrganization({
+          name: 'Test Org',
+          address: JSON.parse('{"streetAddress":"123 Main St","__proto__":{"polluted":true}}'),
+        } as any),
+      ])
+    })
+
+    await renderSSRHead(ssrHead)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+})
diff --git a/packages/unhead/src/plugins/safe.ts b/packages/unhead/src/plugins/safe.ts
@@ -97,7 +97,7 @@ function stripProtoKeys(obj: any): any {
   if (obj && typeof obj === 'object') {
     const clean: Record<string, any> = {}
     for (const key of Object.keys(obj)) {
-      if (key === '__proto__' || key === 'constructor')
+      if (key === '__proto__' || key === 'constructor' || key === 'prototype')
         continue
       clean[key] = stripProtoKeys(obj[key])
     }
diff --git a/packages/unhead/src/utils/normalize.ts b/packages/unhead/src/utils/normalize.ts
@@ -60,6 +60,8 @@ export function normalizeProps(tag: HeadTag, input: Record<string, any>): HeadTa
   }
 
   Object.entries(input).forEach(([key, value]) => {
+    if (key === '__proto__' || key === 'constructor' || key === 'prototype')
+      return
     // if the value is a primitive, return early
     if (value === null) {
       // @ts-expect-error untyped
diff --git a/packages/unhead/test/unit/server/prototype-pollution.test.ts b/packages/unhead/test/unit/server/prototype-pollution.test.ts
@@ -0,0 +1,103 @@
+import { describe, expect, it } from 'vitest'
+import { renderSSRHead } from '../../../src/server'
+import { createServerHeadWithContext } from '../../util'
+
+describe('prototype pollution', () => {
+  it('strips __proto__ from meta props', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      meta: [
+        JSON.parse('{"name":"description","content":"safe","__proto__":{"polluted":true}}'),
+      ],
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips constructor from meta props', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      meta: [
+        { name: 'description', content: 'safe', constructor: { prototype: { polluted: true } } } as any,
+      ],
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips prototype from meta props', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      meta: [
+        { name: 'description', content: 'safe', prototype: { polluted: true } } as any,
+      ],
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips __proto__ from htmlAttrs', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      htmlAttrs: JSON.parse('{"lang":"en","__proto__":{"polluted":true}}'),
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips __proto__ from bodyAttrs', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      bodyAttrs: JSON.parse('{"class":"dark","__proto__":{"polluted":true}}'),
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips __proto__ from script props', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      script: [
+        JSON.parse('{"src":"https://example.com/app.js","__proto__":{"polluted":true}}'),
+      ],
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('strips __proto__ from link props', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      link: [
+        JSON.parse('{"rel":"stylesheet","href":"/style.css","__proto__":{"polluted":true}}'),
+      ],
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+
+  it('preserves valid props while stripping dangerous keys', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      meta: [
+        JSON.parse('{"name":"description","content":"hello","__proto__":{"polluted":true}}'),
+      ],
+    })
+    const ctx = await renderSSRHead(head)
+    expect(ctx.headTags).toContain('name="description"')
+    expect(ctx.headTags).toContain('content="hello"')
+    expect(ctx.headTags).not.toContain('__proto__')
+    expect(ctx.headTags).not.toContain('polluted')
+  })
+
+  it('strips nested __proto__ in style objects', async () => {
+    const head = createServerHeadWithContext()
+    head.push({
+      htmlAttrs: {
+        style: JSON.parse('{"color":"red","__proto__":{"polluted":true}}'),
+      } as any,
+    })
+    await renderSSRHead(head)
+    expect(({} as any).polluted).toBeUndefined()
+  })
+})

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ function stripProtoKeys(obj: any): any {`
`97`	`97`	`if (obj && typeof obj === 'object') {`
`98`	`98`	`const clean: Record<string, any> = {}`
`99`	`99`	`for (const key of Object.keys(obj)) {`
`100`		`- if (key === '__proto__' \|\| key === 'constructor')`
	`100`	`+ if (key === '__proto__' \|\| key === 'constructor' \|\| key === 'prototype')`
`101`	`101`	`continue`
`102`	`102`	`clean[key] = stripProtoKeys(obj[key])`
`103`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,8 @@ export function normalizeProps(tag: HeadTag, input: Record<string, any>): HeadTa`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`Object.entries(input).forEach(([key, value]) => {`
	`63`	`+ if (key === '__proto__' \|\| key === 'constructor' \|\| key === 'prototype')`
	`64`	`+ return`
`63`	`65`	`// if the value is a primitive, return early`
`64`	`66`	`if (value === null) {`
`65`	`67`	`// @ts-expect-error untyped`