add safer version of hasOwnProperty() #14
Comments
|
Can it be a relatively short method, e.g. |
|
Sure. I'm not necessarily planning to do this right away. I filed an issue so I wouldn't forget about it. |
davepacheco
pushed a commit
that referenced
this issue
Jun 23, 2016
#15 forEachKey() should ignore inherited properties Reviewed by: Joshua M. Clulow <[email protected]> Reviewed by: Alex Wilson <[email protected]>
|
This was done a while ago. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It's common to use
obj.hasOwnProperty(key)to determine if the objectobjhas a property calledkey. This fails badly ifobjcan have a key calledhasOwnPropertythat's unrelated to the method. This might be possible ofobjis an object whose keys represent HTTP headers sent by an untrusted user. Such a user can break a program usingobj.hasOwnProperty(key)by passing a header calledhasOwnProperty. To avoid this, programs can useObject.hasOwnProperty.call(obj, key). This is a little obscure (and verbose), so it would be nice to have a jsprim method to implement this.The text was updated successfully, but these errors were encountered: