Robustness improvements for markup parser and core extend utility. Switched to Debug.warnOnce for forbidden keys to avoid CI noise, and replaced hasOwnProperty with safe Object.prototype calls across all tagging logic.

Author: RinZ27

src/core/core.js

@@ -9,21 +9,23 @@ const version = '$_CURRENT_SDK_VERSION';
  */
 const revision = '$_CURRENT_SDK_REVISION';
 
+import { Debug } from './debug.js';
+
 /**
  * Merge the contents of two objects into a single object.
  *
  * @param {object} target - The target object of the merge.
- * @param {object} ex - The object that is merged with target.
+ * @param {object} ex - The object to be merged into the target.
  * @returns {object} The target object.
  * @example
- * const A = {
+ * var A = {
  *     a: function () {
- *         console.log(this.a);
+ *         console.log('a');
  *     }
  * };
- * const B = {
+ * var B = {
  *     b: function () {
- *         console.log(this.b);
+ *         console.log('b');
  *     }
  * };
  *
@@ -36,12 +38,28 @@ const revision = '$_CURRENT_SDK_REVISION';
  */
 function extend(target, ex) {
     for (const prop in ex) {
+        if (!Object.prototype.hasOwnProperty.call(ex, prop)) {
+            continue;
+        }
+
+        const isForbidden = prop === '__proto__' || prop === 'constructor' || prop === 'prototype';
+        if (isForbidden) {
+            Debug.warnOnce(`Ignoring forbidden property: ${prop}`);
+            continue;
+        }
+
         const copy = ex[prop];
 
         if (Array.isArray(copy)) {
-            target[prop] = extend([], copy);
+            if (!Array.isArray(target[prop])) {
+                target[prop] = [];
+            }
+            extend(target[prop], copy);
         } else if (copy && typeof copy === 'object') {
-            target[prop] = extend({}, copy);
+            if (!target[prop] || typeof target[prop] !== 'object') {
+                target[prop] = {};
+            }
+            extend(target[prop], copy);
         } else {
             target[prop] = copy;
         }
@@ -50,4 +68,5 @@ function extend(target, ex) {
     return target;
 }
 
+
 export { extend, revision, version };

src/framework/components/element/markup.js

@@ -1,3 +1,5 @@
+import { Debug } from '../../../core/debug.js';
+
 // markup scanner
 
 // list of scanner tokens
@@ -334,12 +336,19 @@ class Parser {
 // of assign)
 function merge(target, source) {
     for (const key in source) {
-        if (!source.hasOwnProperty(key)) {
+        if (!Object.prototype.hasOwnProperty.call(source, key)) {
             continue;
         }
+
+        const isForbidden = key === '__proto__' || key === 'constructor' || key === 'prototype';
+        Debug.assert(!isForbidden, `Ignoring forbidden property: ${key}`);
+        if (isForbidden) {
+            continue;
+        }
+
         const value = source[key];
         if (value instanceof Object) {
-            if (!target.hasOwnProperty(key)) {
+            if (!Object.prototype.hasOwnProperty.call(target, key)) {
                 target[key] = { };
             }
             merge(target[key], source[key]);
@@ -380,7 +389,7 @@ function resolveMarkupTags(tags, numSymbols) {
     const edges = { };
     for (let index = 0; index < tags.length; ++index) {
         const tag = tags[index];
-        if (!edges.hasOwnProperty(tag.start)) {
+        if (!Object.prototype.hasOwnProperty.call(edges, tag.start)) {
             edges[tag.start] = { open: [tag], close: null };
         } else {
             if (edges[tag.start].open === null) {
@@ -390,7 +399,7 @@ function resolveMarkupTags(tags, numSymbols) {
             }
         }
 
-        if (!edges.hasOwnProperty(tag.end)) {
+        if (!Object.prototype.hasOwnProperty.call(edges, tag.end)) {
             edges[tag.end] = { open: null, close: [tag] };
         } else {
             if (edges[tag.end].close === null) {