From b2f0aaec8a85d9ed7ef3274194371163b9e5b778 Mon Sep 17 00:00:00 2001
From: lloydchang
Date: Wed, 11 Dec 2024 02:18:49 -0800
Subject: [PATCH] Fix code scanning alert no. 2: Prototype-polluting function
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 webview-ui/src/components/history/HistoryView.tsx | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/webview-ui/src/components/history/HistoryView.tsx b/webview-ui/src/components/history/HistoryView.tsx
index 76a0e19..bec38af 100644
--- a/webview-ui/src/components/history/HistoryView.tsx
+++ b/webview-ui/src/components/history/HistoryView.tsx
@@ -462,10 +462,13 @@ export const highlight = (
 let i: number
 for (i = 0; i < pathValue.length - 1; i++) {
+ if (pathValue[i] === "__proto__" || pathValue[i] === "constructor") return
 obj = obj[pathValue[i]] as Record
 }
- obj[pathValue[i]] = value
+ if (pathValue[i] !== "__proto__" && pathValue[i] !== "constructor") {
+ obj[pathValue[i]] = value
+ }
 }
 // Function to merge overlapping regions
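Review bot: The key test added inside the loop and before the final assignment names only `__proto__` and `constructor`, so `obj = obj[pathValue[i]]` still follows any other inherited property and the final write can land on an object reached through the prototype chain rather than on the caller's own data. An own-property check on each segment is stricter than a list of names: `if (!Object.prototype.hasOwnProperty.call(obj, pathValue[i])) return` inside the loop, which also returns early when an intermediate segment is absent instead of dereferencing `undefined` on the next pass. The two-name comparison is written twice with opposite polarity; a single small helper such as `isUnsafeKey(key)` (listing `prototype` as well) would keep both sites in step, and a short comment there should say that a rejected path is dropped silently. The origin of `pathValue` and the start of the enclosing function are outside the hunk, so how much of this is reachable needs confirming against the caller.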