authorkpdecker <kpdecker@gmail.com>2013-05-28 17:03:07 -0400
committerkpdecker <kpdecker@gmail.com>2013-05-28 17:03:07 -0400
commit3ddbc5237f5208f40a7d438895fe2249bdf343b9 (patch)
tree492e9a4098f12b5b0a46035f40fa37abcabe8358
parent503e32208bcc9e9f5d9052b4a7e732bf707be15e (diff)
Protect from object prototype modifications
Fixes #534
-rw-r--r--dist/handlebars.js4
-rw-r--r--lib/handlebars/compiler/compiler.js4
-rw-r--r--release-notes.md1
-rw-r--r--spec/qunit_spec.js8
4 files changed, 15 insertions, 2 deletions
diff --git a/dist/handlebars.js b/dist/handlebars.js
index 56b6fea..023c9ef 100644
--- a/dist/handlebars.js
+++ b/dist/handlebars.js
@@ -1406,7 +1406,9 @@ JavaScriptCompiler.prototype = {
// Generate minimizer alias mappings
if (!this.isChild) {
for (var alias in this.context.aliases) {
- this.source[1] = this.source[1] + ', ' + alias + '=' + this.context.aliases[alias];
+ if (this.context.aliases.hasOwnProperty(alias)) {
+ this.source[1] = this.source[1] + ', ' + alias + '=' + this.context.aliases[alias];
+ }
}
}
diff --git a/lib/handlebars/compiler/compiler.js b/lib/handlebars/compiler/compiler.js
index d40e5f8..7777456 100644
--- a/lib/handlebars/compiler/compiler.js
+++ b/lib/handlebars/compiler/compiler.js
@@ -538,7 +538,9 @@ JavaScriptCompiler.prototype = {
// Generate minimizer alias mappings
if (!this.isChild) {
for (var alias in this.context.aliases) {
- this.source[1] = this.source[1] + ', ' + alias + '=' + this.context.aliases[alias];
+ if (this.context.aliases.hasOwnProperty(alias)) {
+ this.source[1] = this.source[1] + ', ' + alias + '=' + this.context.aliases[alias];
+ }
}
}
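Review bot: The new guard calls `hasOwnProperty` through `this.context.aliases` itself, so it relies on that lookup resolving to the built-in. An alias key named `hasOwnProperty`, or an aliases object created without a prototype, would break the check, and `if (Object.prototype.hasOwnProperty.call(this.context.aliases, alias)) {` avoids that dependency. This matters because each key and value that passes the guard is concatenated directly into `this.source[1]`, which appears to be generated function source, so the filter is what keeps inherited enumerable properties out of compiled template code. A short comment such as `// skip inherited enumerable keys so Object.prototype additions never reach the generated source` would record why the guard exists. The enclosing function starts and ends outside the hunk, so any other `for...in` loops in the compiler cannot be checked from here.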
diff --git a/release-notes.md b/release-notes.md
index b233bd6..ae0a325 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -6,6 +6,7 @@
- [#519](https://github.com/wycats/handlebars.js/issues/519) - Fix partials with . name ([@jamesgorrie](https://github.com/jamesgorrie))
- [#433](https://github.com/wycats/handlebars.js/issues/433) - Add support for unicode ids
- [#469](https://github.com/wycats/handlebars.js/issues/469) - Add support for `?` in ids
+- [#534](https://github.com/wycats/handlebars.js/issues/534) - Protect from object prototype modifications
- Add support for complex ids in @data references
- Docs updates
diff --git a/spec/qunit_spec.js b/spec/qunit_spec.js
index 23dcdb9..5f14db0 100644
--- a/spec/qunit_spec.js
+++ b/spec/qunit_spec.js
@@ -1530,6 +1530,14 @@ test('GH-375: Unicode line terminators', function() {
shouldCompileTo('\u2028', {}, '\u2028');
});
+test('GH-534: Object prototype aliases', function() {
+ Object.prototype[0xD834] = true;
+
+ shouldCompileTo('{{foo}}', { foo: 'bar' }, 'bar');
+
+ delete Object.prototype[0xD834];
+});
+
suite('Utils');
test('escapeExpression', function() {
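Review bot: The cleanup `delete Object.prototype[0xD834];` in the new GH-534 test runs only if `shouldCompileTo` returns normally. If compilation throws, which is presumably how a regression of this fix would show up, the property stays on `Object.prototype` and can affect every later test in the run. Wrapping the call as `try { shouldCompileTo('{{foo}}', { foo: 'bar' }, 'bar'); } finally { delete Object.prototype[0xD834]; }` keeps the failure confined to this test. The test also covers only a numeric key, so a second case with an identifier-like key would exercise the path where the inherited name would be syntactically valid in the generated source.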