DerScanner
Home / Vulnerability Database / JavaScript : Incorrect usage of global object
JavaScript

JavaScript : Incorrect usage of global object

Overview

ECMAScript provides several global objects. Some of these objects look like constructors, but in fact they are not.Some of these objects look as if they could be constructors due their capitalization (such as Math and JSON) but will throw an error if you try to execute them as functions.

In ECMAScript 5.1, Object.create was added, which enables the creation of objects with a specified [[Prototype]]. Object.create(null) provides a number of methods for working with these prototypes.

If global objects directly use methods from Object.prototype, this can lead to errors.

The following methods are the most dangerous in this case:

  1. hasOwnProperty
  2. isPrototypeOf
  3. propertyIsEnumerable

References

  1. MDN web docs: Math
  2. MDN web docs: JSON
  3. Stack Overflow: hasOwnProperty
  4. Stack Overflow: method confusion
LOW

DerScanner Severity Score

Do you want to fix JavaScript : Incorrect usage of global object in your application?

See also

JavaScript

JavaScript : Null salt

JavaScript

JavaScript : Empty encryption key

JavaScript

JavaScript : Unsafe Azure access control