#6239 - JS linter: check for accidental assignment to browser globals
-
By PDStig
- Added
- 2 views
| Identifier | #6239 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | JS linter: check for accidental assignment to browser globals |
| Status | Open |
| Tags |
Roadmap: v11 (custom) Type: JavaScript (custom) Type: Security (custom) |
| Handling member | Deleted |
| Version | 11 beta7 |
| Addon | core_webstandards |
| Description | The JS linter needs to check for, and warn of, accidental assignment to browser globals. For example, doing name = 'value'; ...without first doing let name; ...will cause window.name to equal 'value'. We might already be checking to ensure every variable assignment is first declared, in which case the above issue is a non-issue. But double-check to be sure. |
| Steps to reproduce | |
| Additional information | See https://www.youtube.com/watch?v=_xEWzr5mVfk . This is a potential XSS vulnerability. |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet