This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
critical-js.md #1359
Labels
enhancement
New feature or request
security fix
Security fix generated by WhiteSource
security vulnerability
Security vulnerability detected by WhiteSource
notes/past-itterations/scrap/js/prism.js
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
View File
Reported by ESLint Time to fix: 5 minutes
60
61
62
63
64
65
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
View File
Reported by ESLint Time to fix: 5 minutes
77
78
79
80
81
82
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Unexpected comma in middle of array.
View File
Reported by ESLint Time to fix: 5 minutes
99
100
101
102
103
104
Why is this an issue?
disallow sparse arrays (no-sparse-arrays)
Sparse arrays contain empty slots, most frequently due to multiple commas being used in an array literal, such as:
While the
items
array in this example has alength
of 2, there are actually no values initems[0]
oritems[1]
. The fact that the array literal is valid with only commas inside, coupled with thelength
being set and actual item values not being set, make sparse arrays confusing for many developers. Consider the following:In this example, the
colors
array has alength
of 3. But did the developer intend for there to be an empty spot in the middle of the array? Or is it a typo?The confusion around sparse arrays defined in this manner is enough that it's recommended to avoid using them unless you are certain that they are useful in your code.
Rule Details
This rule disallows sparse array literals which have "holes" where commas are not preceded by elements. It does not apply to a trailing comma following the last element.
Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
If you want to use sparse arrays, then it is safe to disable this rule.
Further Reading
Related code pattern
No sparse arrays
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
View File
Reported by ESLint Time to fix: 5 minutes
141
142
143
144
145
146
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Empty block statement.
View File
Reported by ESLint Time to fix: 5 minutes
543
544
545
546
547
548
Why is this an issue?
disallow empty block statements (no-empty)
Empty block statements, while not technically errors, usually occur due to refactoring that wasn't completed. They can cause confusion when reading code.
Rule Details
This rule disallows empty block statements. This rule ignores block statements which contain a comment (for example, in an empty
catch
orfinally
block of atry
statement to indicate that execution should continue regardless of errors).Examples of incorrect code for this rule:
Examples of correct code for this rule:
Options
This rule has an object option for exceptions:
"allowEmptyCatch": true
allows emptycatch
clauses (that is, which do not contain a comment)allowEmptyCatch
Examples of additional correct code for this rule with the
{ "allowEmptyCatch": true }
option:When Not To Use It
If you intentionally use empty block statements then you can disable this rule.
Related Rules
Related code pattern
No empty
Javascript TypeScript
CRITICALError Prone
Unexpected comma in middle of array.
View File
Reported by ESLint Time to fix: 5 minutes
649
650
651
652
653
654
Why is this an issue?
disallow sparse arrays (no-sparse-arrays)
Sparse arrays contain empty slots, most frequently due to multiple commas being used in an array literal, such as:
While the
items
array in this example has alength
of 2, there are actually no values initems[0]
oritems[1]
. The fact that the array literal is valid with only commas inside, coupled with thelength
being set and actual item values not being set, make sparse arrays confusing for many developers. Consider the following:In this example, the
colors
array has alength
of 3. But did the developer intend for there to be an empty spot in the middle of the array? Or is it a typo?The confusion around sparse arrays defined in this manner is enough that it's recommended to avoid using them unless you are certain that they are useful in your code.
Rule Details
This rule disallows sparse array literals which have "holes" where commas are not preceded by elements. It does not apply to a trailing comma following the last element.
Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
If you want to use sparse arrays, then it is safe to disable this rule.
Further Reading
Related code pattern
No sparse arrays
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
View File
Reported by ESLint Time to fix: 5 minutes
690
691
692
693
694
695
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
View File
Reported by ESLint Time to fix: 5 minutes
706
707
708
709
710
711
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
static/js/google-search.js
CRITICALError Prone
Expected a conditional expression and instead saw an assignment.
Bryan C Guner 15 days ago
View File
Reported by ESLint Time to fix: 5 minutes
17
18
19
20
21
}, I = function (a, b, d) { if (null == d) return b; if ("string" === typeof d) return d ? a + encodeURIComponent(d) : ""; for (var e in d) if (Object.prototype.hasOwnProperty.call(d, e)) { var c = d[e]; c = Array.isArray(c) ? c : [c]; for (var f = 0; f < c.length; f++) { var h = c[f]; null != h && (b || (b = a), b += (b.length > a.length ? "&" : "") + encodeURIComponent(e) + "=" + encodeURIComponent(String(h))) } } return b }; var aa = /^[\w+/_-]+[=]{0,2}$/; var ba = new w(u, "https://www.google.com/cse/static/style/look/%{versionDir}%{versionSlash}%{theme}.css"), K = new w(u, "https://www.google.com/cse/static/element/%{versionDir}%{versionSlash}default%{experiment}+%{lang}.css"), H = new w(u, "https://www.google.com/cse/static/element/%{versionDir}%{versionSlash}cse_element__%{lang}.js"), L = new w(u, "/"); window.__gcse = window.__gcse || {}; window.__gcse.ct = Date.now();
22
window.__gcse.scb = function () { var a = window.gcse; M() || delete opts.rawCss; var b = ca(a.initializationCallback || a.callback); google.search.cse.element.init(opts) && ("explicit" !== a.parsetags ? "complete" === document.readyState || "interactive" === document.readyState ? (google.search.cse.element.go(), b && b()) : google.setOnLoadCallback(function () { google.search.cse.element.go(); b && b() }, !0) : b && b()) }; function ca(a) { return "function" === typeof a ? a : "string" === typeof a && "function" === typeof window[a] ? window[a] : null }
Why is this an issue?
disallow assignment operators in conditional statements (no-cond-assign)
In conditional statements, it is very easy to mistype a comparison operator (such as
==
) as an assignment operator (such as=
). For example:There are valid reasons to use assignment operators in conditional statements. However, it can be difficult to tell whether a specific assignment was intentional.
Rule Details
This rule disallows ambiguous assignment operators in test conditions of
if
,for
,while
, anddo...while
statements.Options
This rule has a string option:
"except-parens"
(default) allows assignments in test conditions only if they are enclosed in parentheses (for example, to allow reassigning a variable in the test of awhile
ordo...while
loop)"always"
disallows all assignments in test conditionsexcept-parens
Examples of incorrect code for this rule with the default
"except-parens"
option:Examples of correct code for this rule with the default
"except-parens"
option:always
Examples of incorrect code for this rule with the
"always"
option:Examples of correct code for this rule with the
"always"
option:Related Rules
Related code pattern
No cond assign
Javascript TypeScript
CRITICALError Prone
Unnecessary semicolon.
30
}; var O, G = opts_.usqp ? { usqp: opts_.usqp } : {}, P = opts_.language.toLowerCase(); O = opts_.cselibVersion ? J({ versionDir: opts_.cselibVersion, versionSlash: L, lang: P }) : J({ versionDir: "", versionSlash: "", lang: P }); var Q = window.__gcse.scb, R = document.createElement("script"); R.src = A(O); var S, T, U = (R.ownerDocument && R.ownerDocument.defaultView || window).document, V = null === (T = U.querySelector) || void 0 === T ? void 0 : T.call(U, "script[nonce]"); (S = V ? V.nonce || V.getAt
static/js/plugins.js
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
115
116
117
118
119
120
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
499
500
501
502
503
504
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
static/js/prism.js
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
31
32
33
34
35
36
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
61
62
63
64
65
66
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
62
63
64
65
66
67
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
77
78
79
80
81
82
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
141
142
143
144
145
146
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
629
630
631
632
633
634
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
690
691
692
693
694
695
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
Javascript TypeScript
CRITICALError Prone
Do not access Object.prototype method 'hasOwnProperty' from target object.
Bryan C Guner 5 months ago
View File
Reported by ESLint Time to fix: 5 minutes
706
707
708
709
710
711
Why is this an issue?
Disallow use of Object.prototypes builtins directly (no-prototype-builtins)
In ECMAScript 5.1,
Object.create
was added, which enables the creation of objects with a specified[[Prototype]]
.Object.create(null)
is a common pattern used to create objects that will be used as a Map. This can lead to errors when it is assumed that objects will have properties fromObject.prototype
. This rule prevents calling someObject.prototype
methods directly from an object.Additionally, objects can have properties that shadow the builtins on
Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities. For example, it would be unsafe for a webserver to parse JSON input from a client and callhasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like{"hasOwnProperty": 1}
and cause the server to crash.To avoid subtle bugs like this, it's better to always call these methods from
Object.prototype
. For example,foo.hasOwnProperty("bar")
should be replaced withObject.prototype.hasOwnProperty.call(foo, "bar")
.Rule Details
This rule disallows calling some
Object.prototype
methods directly on object instances.Examples of incorrect code for this rule:
Examples of correct code for this rule:
When Not To Use It
You may want to turn this rule off if your code only touches objects with hardcoded keys, and you will never use an object that shadows an
Object.prototype
method or which does not inherit fromObject.prototype
.Related code pattern
No prototype builtins
The text was updated successfully, but these errors were encountered: