(parser) use null prototype objects for languages/aliases (#2636)

Fix: Discord uses getLanguage to validate that a language specified exists in highlightJS and retrieve metadata about the language for code block highlighting in chat. Because highlightJS returns prototype values instead of the highlight languages themselves, the result is a few different bugs in our clients which expect the return type to be only `Language | undefined`.

Author: night

CHANGES.md

@@ -1,3 +1,12 @@
+## Version 10.1.2
+
+Fixes:
+
+- fix(night) Prevent object prototype values from being returned by `getLanguage` (#2636) [night][]
+
+[night]: https://github.com/night
+
+
 ## Version 10.1.1
 
 Fixes:

src/highlight.js

@@ -29,9 +29,9 @@ const HLJS = function(hljs) {
 
   // Global internal variables used within the highlight.js library.
   /** @type {Record<string, Language>} */
-  var languages = {};
+  var languages = Object.create(null);
   /** @type {Record<string, string>} */
-  var aliases = {};
+  var aliases = Object.create(null);
   /** @type {HLJSPlugin[]} */
   var plugins = [];
 

test/api/getLanguage.js

@@ -41,4 +41,16 @@ describe('.getLanguage()', () => {
     result.should.have.property('aliases').with.containEql('cs');
     should.strictEqual(result, hljs.getLanguage('csharp'))
   });
+
+  it('should not succeed for constructor', () => {
+    const result = hljs.getLanguage('constructor');
+
+    should.strictEqual(result, undefined);
+  });
+
+  it('should not succeed for __proto__', () => {
+    const result = hljs.getLanguage('__proto__');
+
+    should.strictEqual(result, undefined);
+  });
 });