big-list-of-naughty-strings

add constructor and __proto__

Open anvaka opened this issue 7 years ago • 1 comments

Since JavaScript has become so popular, it's not uncommon for developers to use plain object initializers in the language (i.e. var hash = {}).

Asking objects whether a key is in the hash is often done via

var hash = {}
function contains(key) {
  return key in hash
}

Which gives false positives for the words constructor and __proto__. This is a source of bugs that are hard to find. But maybe by adding these two words to your list, more people will test their code against this bug :).

anvaka, Nov 21 '16 22:11

Writing __proto__ in a Google Doc crashed the app at one point in time.

Also hasOwnProperty has been known to cause issues since people sometimes write:

var hash = {}
function contains(key) {
  return hash.hasOwnProperty(key)
}
function addKey(key) {
  hash[key] = true
}
addKey('hasOwnProperty')
contains('a') // Exception!

arv, Mar 02 '18 18:03
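
The two patterns from this thread next to two hardened variants, as an added example that is not part of the issue or of the big-list-of-naughty-strings project. The store factories, `PROBE_KEYS`, `falsePositives` and `roundTrip` are illustrative names, and the probe keys are constructed for the example.

```javascript
// Added example (not from the thread); all names are illustrative.
// Constructed probe keys; none is added to a store before the first check.
const PROBE_KEYS = ['constructor', '__proto__', 'hasOwnProperty', 'toString', 'a'];

// Pattern from the issue: `in` on an object literal walks the prototype chain.
function makeInStore() {
  const hash = {};
  return { add: (k) => { hash[k] = true; }, contains: (k) => k in hash };
}

// Pattern from the comment: the lookup method shares a namespace with the keys.
function makeOwnMethodStore() {
  const hash = {};
  return { add: (k) => { hash[k] = true; }, contains: (k) => hash.hasOwnProperty(k) };
}

// Hardened: no prototype to inherit from; the method is borrowed, never read off hash.
function makeNullProtoStore() {
  const hash = Object.create(null);
  return {
    add: (k) => { hash[k] = true; },
    contains: (k) => Object.prototype.hasOwnProperty.call(hash, k),
  };
}

// Hardened: Map keeps keys apart from object properties altogether.
function makeMapStore() {
  const map = new Map();
  return { add: (k) => { map.set(k, true); }, contains: (k) => map.has(k) };
}

// Probe keys that an empty store wrongly reports as present.
function falsePositives(makeStore) {
  const store = makeStore();
  return PROBE_KEYS.filter((k) => store.contains(k));
}

// Add `key`, then look it up: true, false (key silently lost), or the error name.
function roundTrip(makeStore, key) {
  const store = makeStore();
  store.add(key);
  try { return store.contains(key); } catch (err) { return err.name; }
}

for (const make of [makeInStore, makeOwnMethodStore, makeNullProtoStore, makeMapStore]) {
  console.log(make.name, falsePositives(make),
    roundTrip(make, 'hasOwnProperty'), roundTrip(make, '__proto__'));
}
```

On the object-literal store that calls `hash.hasOwnProperty`, storing `'__proto__'` is silently dropped because the inherited setter ignores non-object values, so the key reads back as absent; the prototype-less object and the `Map` store it like any other key.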