From 00390a198750c7201d6f7e5640ea4e3d81c74c70 Mon Sep 17 00:00:00 2001 From: legobt <6wbvkn0j@anonaddy.me> Date: Thu, 4 Jul 2024 12:50:20 +0000 Subject: [PATCH] glossary: add section on protoype pollution --- src/content/docs/reference/glossary.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/content/docs/reference/glossary.md b/src/content/docs/reference/glossary.md index 011e0d3..340a282 100644 --- a/src/content/docs/reference/glossary.md +++ b/src/content/docs/reference/glossary.md @@ -92,7 +92,21 @@ See the [TC39 glossary][tc39-glossary-primordial-ext] for more information. ## Prototype pollution -TODO +A class of JavaScript vulnerabilities and bugs where a modification is inadvertently made on an object prototype. For example,using unsitized user input for keys, the following: + +``` +myObj[key] = {}; +myObj[key].totallySafe = true; +``` + +could result in overriding functions on the global `Object` prototype: + +``` +myObj["__proto__"].totallySafe = val +const uncheckedObj = {}; +console.log(uncheckedObj.totallySafe) // true +``` + ## Realm
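Review bot: The first added code block does not produce the pollution shown in the second one. With `key` set to `"__proto__"`, `myObj[key] = {};` goes through the `__proto__` setter and replaces `myObj`'s prototype with a fresh empty object, so the following `myObj[key].totallySafe = true;` lands on that fresh object and `Object.prototype` is untouched; `uncheckedObj.totallySafe` would then be `undefined`, not `true`. Consider dropping the `myObj[key] = {};` line, or showing a pattern that only reads `myObj[key]` before writing a nested property. In the second block, `myObj["__proto__"].totallySafe = val` uses an undeclared `val`, which throws a ReferenceError before the `console.log` runs; `= true` would match the first block and the `// true` comment, and the two statements without semicolons should get them for consistency with the rest. The sentence after the second block's lead-in says "overriding functions" but the example adds a boolean property, so "adding or overriding properties" would be more accurate. In the introductory paragraph, "For example,using unsitized user input for keys, the following:" needs a space after the comma, "unsanitized", and a complete clause. The fences could carry a `js` language tag, the hunk adds two blank lines before `## Realm` where one is enough, and the subject line has "protoype" for "prototype".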