Update: consider env in no-implied-eval (fixes #12733) #12757
I wonder about some other cases that can result in string coercion like:
Is there a way to reliably enforce these cases? We should be able to check if they're the globals for `String` and `JSON`, but I don't know if `X.prototype.toString()` can be reliably checked (though it might be a fair assumption to assume it returns a string, given the name).
@kaicataldo
I'll try but I'm not sure to do that. Can I work on that in another PR?
I think it would be fine to do that, since this does already improve the rule. Let's see what others have to say.
I'd also agree that this could be a nice future improvement.
Maybe we could also use getstaticvalue to catch code like:
And perhaps add `self` to the list of global objects.