New rule: Disallow use of Object.prototypes builtins directly (no-prototype-builtins) #1310

feross · 2019-07-05T19:56:06Z

https://eslint.org/docs/rules/no-prototype-builtins

This is an important rule which has security and DDoS implications. It's also part of the ESLint recommended set. I plan to ship it standard 13.

The text was updated successfully, but these errors were encountered:

feross · 2019-07-05T20:05:48Z

3% failure rate in the ecosystem. This is a bit high and most of these seem to not be actually crash risks, but on the other hand, I have forgotten that this is a possible issue before and would rather just be reminded to always use Object.prototype.hasOwnProperty.call(obj, 'key') than to risk forgetting to do so when it really counts.

Also, one doesn't use hasOwnProperty that often anyway, so this shouldn't add too much verbosity.

feross added the enhancement label Jul 5, 2019

feross added this to the standard v13 milestone Jul 5, 2019

feross added the accepted label Jul 5, 2019

feross closed this as completed Jul 6, 2019

feross mentioned this issue Jul 6, 2019

Release proposal: standard v13 #1318

Closed

github-actions bot locked as resolved and limited conversation to collaborators Oct 28, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New rule: Disallow use of Object.prototypes builtins directly (no-prototype-builtins) #1310

New rule: Disallow use of Object.prototypes builtins directly (no-prototype-builtins) #1310

feross commented Jul 5, 2019

feross commented Jul 5, 2019

New rule: Disallow use of Object.prototypes builtins directly (no-prototype-builtins) #1310

New rule: Disallow use of Object.prototypes builtins directly (no-prototype-builtins) #1310

Comments

feross commented Jul 5, 2019

feross commented Jul 5, 2019