From f1151d9cb3188367e0a0d3b4891be464349c1a67 Mon Sep 17 00:00:00 2001 From: "Alex A. Naanou" Date: Wed, 30 Jun 2021 13:35:07 +0300 Subject: [PATCH] minor fix... Signed-off-by: Alex A. Naanou --- object.js | 7 +++++-- package.json | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/object.js b/object.js index a8669b8..cf591f3 100755 --- a/object.js +++ b/object.js @@ -285,7 +285,7 @@ function(obj){ if(typeof(obj) == 'string' && arguments.length > 1){ ;[name, obj] = arguments // sanity check... - if(!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)){ + if(!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name.trim())){ throw new Error(`create(..): invalid name: "${name}"`) } } // calable... if(typeof(obj) == 'function'){ @@ -298,6 +298,9 @@ function(obj){ // might not be available directly... : Function.prototype.call.call(obj, func, ...arguments) } // rename... + // NOTE: we just created func(..) so no need to sanitize it, the + // only potential vector of atack (AFAIK) here is name and + // that is checked above... func.name = name func.name != name && (func = eval('('+ @@ -954,7 +957,7 @@ function Constructor(name, a, b, c){ var args = [...arguments].slice(1, 4) // sanity check... - if(!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)){ + if(!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name.trim())){ throw new Error(`Constructor(..): invalid name: "${name}"`) } // parse args... diff --git a/package.json b/package.json index 3ec34f2..922dee3 100755 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ig-object", - "version": "5.5.2", + "version": "5.5.3", "description": "", "main": "object.js", "scripts": {
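Review bot: In the first object.js hunk (`create(..)`, line 288) the regex now runs on `name.trim()`, but the untrimmed `name` is what the function goes on to use: it is interpolated into the error message and, per the comment added in the next hunk, feeds the `eval`-based rename. The previous anchored test rejected surrounding whitespace, so this change widens what is accepted, and the value validated is no longer the value used. Normalise once and validate the result, e.g. `name = name.trim()` on the line before the `if`, keeping `.test(name)` as it was. The same pattern is repeated in the `Constructor(..)` hunk (line 960), where `name` is not visibly type-checked, so `name.trim()` would presumably throw a TypeError rather than the intended "invalid name" error for a non-string argument. Both function bodies continue outside the hunks, so how `name` is used later should be confirmed there.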
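Review bot: The comment added above `func.name = name` says `name` "is checked above" but not what that check guarantees, and that guarantee is what the `eval(` call starting on the last line of this hunk relies on. I would state the invariant and fix the "atack" typo, e.g. `// NOTE: name must match /^[a-zA-Z_][a-zA-Z0-9_]*$/ (checked above); it is the only caller-supplied text (AFAIK) that reaches the eval(..) below, keep the check and this use in sync...`. Since the eval appears to exist only to give the function its name, `Object.defineProperty(func, 'name', {value: name})` may achieve that without evaluating a built string; check first whether anything depends on the renamed function's source text. The `eval` expression continues outside the hunk, so what else is concatenated into it is not visible here.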