Mirrors/lodash
1
0
Fork 0
mirror of https://github.com/whoisclebs/lodash.git synced 2026-02-02 16:17:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add _.restrict(source, *keys)

Browse Source 
Return a clone of the source with only the properties named in *keys
(either stings or arrays containing strings).

Especially useful for avoiding mass-assignment vulnerabilities.
This commit is contained in:
Chris Leishman
2012-03-24 12:26:03 -07:00
parent 00ed5d70c8
commit 7c95237845
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
index.html
View File

@@ -1014,6 +1014,19 @@ _.functions(_);
<pre>
_.extend({name : 'moe'}, {age : 50});
=&gt; {name : 'moe', age : 50}
</pre>
<p id="restrict">
<b class="header">restrict</b><code>_.restrict(source, *keys)</code>
<br />
Return a clone of the <b>source</b> with only the properties with the
property names, or arrays of property names, provided in <b>keys</b>.
</p>
<pre>
_.restrict({name : 'moe', age: 50, userid : 'moe1'}, 'name', 'age');
=&gt; {name : 'moe', age : 50}
_.restrict({name : 'moe', age: 50, userid : 'moe1'}, ['name', 'age']);
=&gt; {name : 'moe', age : 50}
</pre>
<p id="defaults">

10
test/objects.js
View File

@@ -41,6 +41,16 @@ $(document).ready(function() {
equal(_.keys(result).join(''), 'ab', 'extend does not copy undefined values');
});
test("objects: restrict", function() {
var result;
result = _.restrict({a:1, b:2, c:3}, 'a', 'c');
ok(_.isEqual(result, {a:1, c:3}), 'can restrict properties to those named');
result = _.restrict({a:1, b:2, c:3}, ['b', 'c']);
ok(_.isEqual(result, {b:2, c:3}), 'can restrict properties to those named in an array');
result = _.restrict({a:1, b:2, c:3}, ['a'], 'b');
ok(_.isEqual(result, {a:1, b:2}), 'can restrict properties to those named in mixed args');
});
test("objects: defaults", function() {
var result;
var options = {zero: 0, one: 1, empty: "", nan: NaN, string: "string"};

10
underscore.js
View File

@@ -645,6 +645,16 @@
return obj;
};
// Restrict a given object to the properties named
_.restrict = function(obj) {
if (obj !== Object(obj)) throw new TypeError('Invalid object');
var dest = {};
each(_.flatten(slice.call(arguments, 1)), function(prop) {
if (prop in obj) dest[prop] = obj[prop];
});
return dest;
};
// Fill in a given object with default properties.
_.defaults = function(obj) {
each(slice.call(arguments, 1), function(source) {