node-unsafe-property-access¶
Certain object construction patterns are potentially unsafe access when arbitrary user data is passed.
Examples¶
Insecure Example
// This is equivalent to `new Function(prop3)`
obj[prop1][prop2](prop3)();
// For instance, this will call `alert(1)`
const a = {};
a["constructor"]["constructor"]("alert(1)")()