Do not access Object.prototype method 'hasOwnProperty' from target object.
449 const tables = []
450
451 for (const key in nuFORM.tableSchema) {
452 if (nuFORM.tableSchema.hasOwnProperty(key)) {453 if (nuSERVERRESPONSE.viewSchema.indexOf(key) == -1) {
454 tables.push(key)
455 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
449 const tables = []
450
451 for (const key in nuFORM.tableSchema) {
452 if (nuFORM.tableSchema.hasOwnProperty(key)) {453 if (nuSERVERRESPONSE.viewSchema.indexOf(key) == -1) {
454 tables.push(key)
455 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
1210 let f = ''
1211
1212 for (const k in window) {
1213 if (window.hasOwnProperty(k)) {1214 if (String(k).substr(0, 2) === 'nu') {
1215 f += k + '\n'
1216 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
927 delete attrs.style
928 }
929 for (attr in attrs) {
930 if (attrs.hasOwnProperty(attr)) { 931 el[attr] = attrs[attr]
932 }
933 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
938 applyCSS: function (el, styles) {
939 /* Applies CSS to a single element */
940 for (const prop in styles) {
941 if (styles.hasOwnProperty(prop)) { 942 el.style[prop] = styles[prop]
943 }
944 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
1066 }
1067
1068 for (const property in source) {
1069 if (source.hasOwnProperty(property)) {1070 const sourceProperty = source[property]
1071
1072 if (typeof sourceProperty === 'object') {
Do not access Object.prototype method 'hasOwnProperty' from target object.
1239 if (typeof obj === 'object') {
1240 str = '{'
1241 for (const i in obj) {
1242 if (obj.hasOwnProperty(i)) {1243 str += (first ? '' : ', ') + i + ':' + util.stringify(obj[i])
1244 first = false
1245 }
Description
It is preferable to call certain Object.prototype
methods through Object
on object instances instead of using the builtins directly.
Objects can have properties that shadow the builtins on Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities.
For example, it would be unsafe for a webserver to parse JSON input from a client and call hasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like {"hasOwnProperty": 1}
and cause the server to crash.
It's better to always call these methods from Object.prototype
. For example, obj.hasOwnProperty("bar")
should be replaced with Object.prototype.hasOwnProperty.call(obj, "bar")
.
Bad Practice
let hasBarProperty = obj.hasOwnProperty("property");
let isPrototypeOfBar = obj.isPrototypeOf(property);
let barIsEnumerable = obj.propertyIsEnumerable("property");
Recommended
let hasBarProperty = Object.prototype.hasOwnProperty.call(obj, "property");
let isPrototypeOfBar = Object.prototype.isPrototypeOf.call(obj, property);
let barIsEnumerable = {}.propertyIsEnumerable.call(obj, "property");