ajv-keywords
Keyword suggestion: prevent shadowing properties in Object.prototype
Hi, a variant of the "propertyNames" keyword could strip property names in Object.prototype. It could be a fast version with a "key in Object.prototype" check, and I'd like to use it whenever I allow additionalProperties. The reason I'm suggesting this is that currently quite often people just use JSON.parse and don't consider that if they get a malicious object such as {"toString":null} it will quite easily break downstream as some logging, string concatenation or similar will call toString on it. Similar with other properties in Object.prototype, and it would be nice to avoid the function call in "propertyNames" with this keyword variant.
Maybe a keyword {"prototypePropertyOf": "Object"} similar to instanceOf that checks that the string is a prototype property of this class and then you can have { "not": {"prototypePropertyOf": "Object"}}?
And if you want to filter out properties that fail some schema validation you could:
{"filterProperties": {...}} where ... could be { "not": {"prototypePropertyOf": "Object"}}.
That is a good idea, and maybe it could be just propertyOf so one could use Object.prototype or some other object as needed. In the meantime perhaps I'll look into implementing a custom keyword to just filter those Object.prototype properties quickly, using these keywords as a template.
It won't work as propertyOf... the keyword value should be serialisable (e.g. a string), it can't be a reference to a prototype.
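The check discussed in this thread, as an added example that is not part of the original posts and is not ajv-keywords code: plain JavaScript without Ajv, using the "key in Object.prototype" test to strip shadowing keys from parsed JSON before it reaches logging or string concatenation. The function names and the sample payload are constructed for illustration.

```javascript
// True when an own key would shadow a member inherited from Object.prototype
// (toString, valueOf, hasOwnProperty, constructor, __proto__, ...).
function shadowsObjectPrototype(key) {
  return key in Object.prototype;
}

// Recursively delete shadowing keys from parsed JSON (mutates `value`).
// Each removed key is recorded in `removed` as a JSON-pointer-like path.
function stripShadowingKeys(value, removed = [], path = '') {
  if (Array.isArray(value)) {
    value.forEach((item, i) => stripShadowingKeys(item, removed, `${path}/${i}`));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (shadowsObjectPrototype(key)) {
        removed.push(`${path}/${key}`);
        delete value[key];
      } else {
        stripShadowingKeys(value[key], removed, `${path}/${key}`);
      }
    }
  }
  return value;
}

// Stand-in for downstream code (logging, templating) that coerces to string.
function concatForLog(obj) {
  try {
    return 'payload: ' + obj;
  } catch (err) {
    return err.name; // a null toString makes the coercion throw
  }
}

// Constructed sample input: shadowing keys at three nesting levels.
const SAMPLE = '{"user":"alice","toString":null,' +
  '"meta":{"hasOwnProperty":1,"tags":[{"valueOf":"x","ok":true}]}}';

function demo() {
  const parsed = JSON.parse(SAMPLE);
  const before = concatForLog(parsed);
  const removed = [];
  stripShadowingKeys(parsed, removed);
  return { before, after: concatForLog(parsed), removed, cleaned: parsed };
}

console.log(demo());
```

Removing keys changes the data silently; rejecting the input when `removed` is non-empty is the stricter alternative, matching the { "not": ... } form suggested in the thread.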