From 06f65d2317dac2491c10c0ef7eb1ad52d7498c83 Mon Sep 17 00:00:00 2001
From: Zhigang Zhang <hizzgdev@163.com>
Date: Sun, 14 Dec 2025 23:40:09 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 2:
 Prototype-polluting function

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/jsmind.util.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/jsmind.util.js b/src/jsmind.util.js
index bf1b2c22..3e40b66d 100644
--- a/src/jsmind.util.js
+++ b/src/jsmind.util.js
@@ -74,6 +74,9 @@ export const util = {
         },
         merge: function (b, a) {
             for (var o in a) {
+                if (o === '__proto__' || o === 'constructor' || o === 'prototype') {
+                    continue;
+                }
                 if (o in b) {
                     if (
                         typeof b[o] === 'object' &&