big-list-of-naughty-strings
add constructor and __proto__
Since JavaScript has become so popular, it's not uncommon for developers to use plain object initializers in the language (i.e. var hash = {}).
Asking objects whether a key is in the hash is often done via:
var hash = {}
function contains(key) {
  return key in hash
}
Which gives false positives for the words constructor and __proto__. This is a source of bugs that are hard to find. But maybe by adding these two words to your list, more people will test their code against this bug :).
Writing __proto__ in a Google Doc crashed the app at one point in time.
Also hasOwnProperty has been known to cause issues since people sometimes write:
var hash = {}
function contains(key) {
  return hash.hasOwnProperty(key)
}
function addKey(key) {
  hash[key] = true
}
addKey('hasOwnProperty')
contains('a') // Exception! hash.hasOwnProperty is now `true`, not a function
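
The two lookup patterns from this thread, audited next to two hardened alternatives; this is an added example, not code from the issue or from the project. The factory names, the `audit` helper and the extra `toString` key are assumptions made for illustration.

```javascript
// Added example (not from the thread). Keys that collide with Object.prototype;
// `toString` is an extra constructed entry.
const NAUGHTY_KEYS = ['constructor', '__proto__', 'hasOwnProperty', 'toString'];

// Pattern 1 from the thread: plain object queried with `in` (walks the prototype chain).
function makeInSet() {
  const hash = {};
  return { add: (key) => { hash[key] = true; }, contains: (key) => key in hash };
}

// Pattern 2 from the thread: plain object queried through its own hasOwnProperty slot.
function makeOwnSet() {
  const hash = {};
  return { add: (key) => { hash[key] = true; }, contains: (key) => hash.hasOwnProperty(key) };
}

// Hardened: no prototype to inherit from, and the check is borrowed from
// Object.prototype so a stored key can never shadow it.
function makeNullProtoSet() {
  const hash = Object.create(null);
  return {
    add: (key) => { hash[key] = true; },
    contains: (key) => Object.prototype.hasOwnProperty.call(hash, key),
  };
}

// Hardened: a Set keeps keys out of property space entirely.
function makeRealSet() {
  const keys = new Set();
  return { add: (key) => { keys.add(key); }, contains: (key) => keys.has(key) };
}

// Exercise one implementation with every naughty key, using a fresh set per key.
function audit(makeSet) {
  const report = { falsePositives: [], falseNegatives: [], threw: [] };
  for (const key of NAUGHTY_KEYS) {
    const set = makeSet();
    try {
      if (set.contains(key)) report.falsePositives.push(key); // present before add
      set.add(key);
      if (!set.contains(key)) report.falseNegatives.push(key); // missing after add
    } catch (err) {
      report.threw.push(key); // the membership check itself failed
    }
  }
  return report;
}

for (const make of [makeInSet, makeOwnSet, makeNullProtoSet, makeRealSet]) {
  console.log(make.name, JSON.stringify(audit(make)));
}
```

Besides the exception on `hasOwnProperty`, the second pattern silently loses `__proto__`: assigning a primitive to that name on a plain object is ignored by the inherited setter, so the key is never stored.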