[−][src]Struct rslint_core::groups::errors::NoPrototypeBuiltins
Disallow direct use of Object.prototype
builtins directly.
ES 5.1 added Object.create
which allows creation of object with a custom prototype. This
pattern is frequently used for objects used as Maps. However this pattern can lead to errors
if something else relies on prototype properties/methods.
Moreover, the methods could be shadowed, this can lead to random bugs and denial of service
vulnerabilities. For example, calling hasOwnProperty
directly on parsed json could lead to vulnerabilities.
Instead, you should use get the method directly from the object using Object.prototype.prop.call(item, args)
.
Invalid Code Examples
var bar = foo.hasOwnProperty("bar");
var bar = foo.isPrototypeOf(bar);
var bar = foo.propertyIsEnumerable("bar");
Correct Code Examples
var bar = Object.prototype.hasOwnProperty.call(foo, "bar");
var bar = Object.prototype.isPrototypeOf.call(foo, bar);
var bar = Object.propertyIsEnumerable.call(foo, "bar");
Implementations
impl NoPrototypeBuiltins
[src]
Trait Implementations
impl Clone for NoPrototypeBuiltins
[src]
fn clone(&self) -> NoPrototypeBuiltins
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl CstRule for NoPrototypeBuiltins
[src]
fn check_node(&self, node: &SyntaxNode, ctx: &mut RuleCtx) -> Option<()>
[src]
fn check_token(&self, token: &SyntaxToken, ctx: &mut RuleCtx) -> Option<()>
[src]
fn check_root(&self, root: &SyntaxNode, ctx: &mut RuleCtx) -> Option<()>
[src]
impl Debug for NoPrototypeBuiltins
[src]
impl Default for NoPrototypeBuiltins
[src]
fn default() -> NoPrototypeBuiltins
[src]
impl<'de> Deserialize<'de> for NoPrototypeBuiltins
[src]
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
[src]
__D: Deserializer<'de>,
impl Rule for NoPrototypeBuiltins
[src]
impl Serialize for NoPrototypeBuiltins
[src]
Auto Trait Implementations
impl RefUnwindSafe for NoPrototypeBuiltins
impl Send for NoPrototypeBuiltins
impl Sync for NoPrototypeBuiltins
impl Unpin for NoPrototypeBuiltins
impl UnwindSafe for NoPrototypeBuiltins
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> DeserializeOwned for T where
T: for<'de> Deserialize<'de>,
[src]
T: for<'de> Deserialize<'de>,
impl<T> DynClone for T where
T: Clone,
[src]
T: Clone,
fn __clone_box(&self, Private) -> *mut ()
[src]
impl<T> Erasable for T
unsafe fn unerase(this: NonNull<Erased>) -> NonNull<T>
const ACK_1_1_0: bool
fn erase(this: NonNull<Self>) -> NonNull<Erased>
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Serialize for T where
T: Serialize + ?Sized,
[src]
T: Serialize + ?Sized,
fn erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<Ok, Error>
[src]
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,