Object.prototype
builtins should not be used directly JS-00211module.exports = {
2 I18N_HASH: 'generated_hash',
3 SERVER_API_URL: '',
4 __VERSION__: process.env.hasOwnProperty('APP_VERSION') ? process.env.APP_VERSION : 'DEV',5 __DEBUG_INFO_ENABLED__: false,
6};
It is preferable to call certain Object.prototype
methods through Object
on object instances instead of using the builtins directly.
Objects can have properties that shadow the builtins on Object.prototype
, potentially causing unintended behavior or denial-of-service security vulnerabilities.
For example, it would be unsafe for a webserver to parse JSON input from a client and call hasOwnProperty
directly on the resulting object, because a malicious client could send a JSON value like {"hasOwnProperty": 1}
and cause the server to crash.
It's better to always call these methods from Object.prototype
. For example, obj.hasOwnProperty("bar")
should be replaced with Object.prototype.hasOwnProperty.call(obj, "bar")
.
let hasBarProperty = obj.hasOwnProperty("property");
let isPrototypeOfBar = obj.isPrototypeOf(property);
let barIsEnumerable = obj.propertyIsEnumerable("property");
let hasBarProperty = Object.prototype.hasOwnProperty.call(obj, "property");
let isPrototypeOfBar = Object.prototype.isPrototypeOf.call(obj, property);
let barIsEnumerable = {}.propertyIsEnumerable.call(obj, "property");