From dd165ecf63537177092f4143b88b024eca3a4956 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Thu, 24 Jul 2014 17:48:42 -0700
Subject: [PATCH] paypro: root certs - do not inherit from Object.

---
 browser/root-certs      | 9 +++++++--
 lib/common/RootCerts.js | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/browser/root-certs b/browser/root-certs
index f5dc0e2..f76bc74 100755
--- a/browser/root-certs
+++ b/browser/root-certs
@@ -34,6 +34,8 @@ function getRootCerts(callback) {
           + '"' + key + '":\n';
     });
     body += ''
+      + '\n'
+      + 'certs.__proto__ = null;\n'
       + '\n'
       + '// Use hash table for efficiency:\n'
       + 'var trusted = Object.keys(certs).reduce(function(trusted, key) {\n'
@@ -43,18 +45,21 @@ function getRootCerts(callback) {
       + '  pem = pem.replace(/\\s+/g, "");\n'
       + '  trusted[pem] = key;\n'
       + '  return trusted;\n'
-      + '}, {});\n'
+      + '}, { __proto__: null });\n'
       + '\n'
       + 'function getTrusted(pem) {\n'
       + '  pem = pem + "";\n'
       + '  pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");\n'
       + '  pem = pem.replace(/-----END CERTIFICATE-----/g, "");\n'
       + '  pem = pem.replace(/\\s+/g, "");\n'
+      + '  if (pem === "__proto__") return;\n'
       + '  return certs[pem];\n'
       + '}\n'
       + '\n'
       + 'function getCert(name) {\n'
-      + '  return trusted[name.replace(/^\s+|\s+$/g, "")];\n'
+      + '  name = name.replace(/^\s+|\s+$/g, "");\n'
+      + '  if (name === "__proto__") return;\n'
+      + '  return trusted[name];\n'
       + '}\n'
       + '\n'
       + 'exports.certs = certs;\n'
diff --git a/lib/common/RootCerts.js b/lib/common/RootCerts.js
index 5e7bb80..f4efa35 100644
--- a/lib/common/RootCerts.js
+++ b/lib/common/RootCerts.js
@@ -3704,6 +3704,8 @@ var certs = {
 + "-----END CERTIFICATE-----\n"
 };
 
+certs.__proto__ = null;
+
 // Use hash table for efficiency:
 var trusted = Object.keys(certs).reduce(function(trusted, key) {
   var pem = certs[key];
@@ -3712,18 +3714,21 @@ var trusted = Object.keys(certs).reduce(function(trusted, key) {
   pem = pem.replace(/\s+/g, "");
   trusted[pem] = key;
   return trusted;
-}, {});
+}, { __proto__: null });
 
 function getTrusted(pem) {
   pem = pem + "";
   pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");
   pem = pem.replace(/-----END CERTIFICATE-----/g, "");
   pem = pem.replace(/\s+/g, "");
+  if (pem === "__proto__") return;
   return certs[pem];
 }
 
 function getCert(name) {
-  return trusted[name.replace(/^s+|s+$/g, "")];
+  name = name.replace(/^s+|s+$/g, "");
+  if (name === "__proto__") return;
+  return trusted[name];
 }
 
 exports.certs = certs;