Do not access Object.prototype method 'hasOwnProperty' from target object.
1213 let f = ''
1214
1215 for (const k in window) {
1216 if (window.hasOwnProperty(k)) {1217 if (String(k).substr(0, 2) === 'nu') {
1218 f += k + '\n'
1219 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
1243 if (typeof obj === 'object') {
1244 str = '{'
1245 for (const i in obj) {
1246 if (obj.hasOwnProperty(i)) {1247 str += (first ? '' : ', ') + i + ':' + util.stringify(obj[i])
1248 first = false
1249 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
1070 }
1071
1072 for (const property in source) {
1073 if (source.hasOwnProperty(property)) {1074 const sourceProperty = source[property]
1075
1076 if (typeof sourceProperty === 'object') {
Do not access Object.prototype method 'hasOwnProperty' from target object.
942 applyCSS: function (el, styles) {
943 /* Applies CSS to a single element */
944 for (const prop in styles) {
945 if (styles.hasOwnProperty(prop)) { 946 el.style[prop] = styles[prop]
947 }
948 }
Do not access Object.prototype method 'hasOwnProperty' from target object.
931 delete attrs.style
932 }
933 for (attr in attrs) {
934 if (attrs.hasOwnProperty(attr)) { 935 el[attr] = attrs[attr]
936 }
937 }
Description
It is preferable to call certain Object.prototype
methods through Object
on object instances instead of using the builtins directly.
Objects can have properties that shadow the builtins on Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities.
For example, it would be unsafe for a webserver to parse JSON input from a client and call hasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like {"hasOwnProperty": 1}
and cause the server to crash.
It's better to always call these methods from Object.prototype
. For example, obj.hasOwnProperty("bar")
should be replaced with Object.prototype.hasOwnProperty.call(obj, "bar")
.
Bad Practice
let hasBarProperty = obj.hasOwnProperty("property");
let isPrototypeOfBar = obj.isPrototypeOf(property);
let barIsEnumerable = obj.propertyIsEnumerable("property");
Recommended
let hasBarProperty = Object.prototype.hasOwnProperty.call(obj, "property");
let isPrototypeOfBar = Object.prototype.isPrototypeOf.call(obj, property);
let barIsEnumerable = {}.propertyIsEnumerable.call(obj, "property");