Skip to content

node-unsafe-property-access

Certain object construction patterns are potentially unsafe access when arbitrary user data is passed.

Examples

Insecure Example

// This is equivalent to `new Function(prop3)`
obj[prop1][prop2](prop3)();

// For instance, this will call `alert(1)`
const a = {};
a["constructor"]["constructor"]("alert(1)")()