Shopping Cart

No products in the cart.

Quality Clouds Community
Quality Clouds Community
View Categories

JavaScript – Avoid Use Of Function Constructors – UI Policy scriptTrue

Table of Contents
Impact Area

Security

Severity

High

Affected Element

UI Policy

Rule number #

SN-034

Impact #

In addition to being obtuse from a syntax perspective, function constructors are also dangerous: their execution evaluates the constructor string arguments similar to the way eval works, which could expose your program to random, unintended code which can be both slow and a security risk.

Remediation #

Avoid function constructors altogether.

Time to fix

30 min

References #

This rule is linked to Common Weakness Enumeration CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection).

Code examples #

Noncompliant code

var obj = new Function(“return ” + data)(); // Noncompliant

Compliant code

var obj = JSON.parse(data);

What are your Feelings

Powered by BetterDocs

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .