-
Notifications
You must be signed in to change notification settings - Fork 38.2k
Closed
Labels
bugIssue identified by VS Code Team member as probable bugIssue identified by VS Code Team member as probable buginsiders-releasedPatch has been released in VS Code InsidersPatch has been released in VS Code InsidersjavascriptJavaScript support issuesJavaScript support issuestypescriptTypescript support issuesTypescript support issuesverifiedVerification succeededVerification succeeded
Milestone
Description
Hello!
I noticed that the current for in snippet uses the object.hasOwnProperty(), which can lead to a security vulnerability described here: https://eslint.org/docs/rules/no-prototype-builtins. I'm proposing a change to Object.hasOwnProperty.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
bugIssue identified by VS Code Team member as probable bugIssue identified by VS Code Team member as probable buginsiders-releasedPatch has been released in VS Code InsidersPatch has been released in VS Code InsidersjavascriptJavaScript support issuesJavaScript support issuestypescriptTypescript support issuesTypescript support issuesverifiedVerification succeededVerification succeeded