kibana/test/common
Larry Gregory 9ce2dd8df9
Additional prototype pollution protections (#206073)
## Summary

1. Extends the server-side prototype pollution protections introduced in
https://github.com/elastic/kibana/pull/190716 to include
`Array.prototype`.
2. Applies the same prototype pollution protections to the client-side.


### Identify risks

Does this PR introduce any risks? For example, consider risks like
hard-to-test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] Sealing prototypes on the client can lead to failures in
third-party dependencies. I'm relying on sufficient functional test
coverage to detect issues here. As a result, these protections are
disabled by default for now, and can be controlled via the setting
`server.prototypeHardening: true/false`.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-01-28 23:00:43 +01:00
..

| Name | Last commit | Date |
| --- | --- | --- |
| fixtures/plugins/coverage | Adds AGPL 3.0 license (#192025) | 2024-09-06 19:02:41 -06:00 |
| plugins | Sustainable Kibana Architecture: Move modules owned by @elastic/kibana-core (#201653) | 2025-01-04 11:47:24 -07:00 |
| services | Move consumers off bsearch endpoint (#196962) | 2024-11-07 10:04:18 -07:00 |
| config.js | Additional prototype pollution protections (#206073) | 2025-01-28 23:00:43 +01:00 |
| configure_http2.ts | Adds AGPL 3.0 license (#192025) | 2024-09-06 19:02:41 -06:00 |