docs: add documentation for onProtoPoisoning option in README

Author: bjohansebas

README.md

@@ -116,6 +116,10 @@ The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`
 where `buf` is a `Buffer` of the raw request body and `encoding` is the
 encoding of the request. The parsing can be aborted by throwing an error.
 
+##### onProtoPoisoning
+
+Defines what action must be taken when parsing a JSON object with `__proto__`
+
 ### bodyParser.raw([options])
 
 Returns middleware that parses all bodies as a `Buffer` and only looks at

test/json.js

@@ -722,7 +722,7 @@ describe('bodyParser.json()', function () {
     })
   })
 
-  describe("prototype poisoning", function () {
+  describe('prototype poisoning', function () {
     it('should parse __proto__ when protoAction is set to ignore', function (done) {
       request(createServer({ onProtoPoisoning: 'ignore' }))
         .post('/')
@@ -738,7 +738,7 @@ describe('bodyParser.json()', function () {
         .send('{"user":"tobi","__proto__":{"x":7}}')
         .expect(400, '[entity.parse.failed] Object contains forbidden prototype property', done)
     })
-  
+
     it('should remove prototype poisoning when protoAction is set to remove', function (done) {
       request(createServer({ onProtoPoisoning: 'remove' }))
         .post('/')