";let n=document.getElementById("TableOfContents");n&&(n.innerHTML=e)}rerender(){this.rerenderFilterMenu(),this.rerenderPageContent(),this.populateRightNav(),this.runHooks("afterRerender")}rerenderPageContent(){let e={};Object.keys(this.ifFunctionsByRef).forEach(t=>{let s=this.ifFunctionsByRef[t],o=s.value,n=(0,h.reresolveFunctionNode)(s,{variables:this.selectedValsByTraitId});this.ifFunctionsByRef[t]=n,o!==n.value&&(e[t]=n.value)});let t=document.getElementsByClassName("cdoc__toggleable");for(let n=0;n{this.fitCustomizationMenuToScreen()})}addDropdownEventListeners(){let e=document.getElementsByClassName("cdoc-dropdown");for(let t=0;t{let t=e.target;for(;!t.classList.contains("cdoc-dropdown")&&t.parentElement;)t=t.parentElement;let n=t.classList.toggle("cdoc-dropdown__expanded");t.setAttribute("aria-expanded",n.toString())});document.addEventListener("keydown",e=>{if(e.key==="Enter"){let t=e.target;t.classList.contains("cdoc-filter__option")&&t.click()}}),document.addEventListener("click",t=>{for(let n=0;nthis.handleFilterSelectionChange(e));this.addDropdownEventListeners()}locateFilterSelectorEl(){let e=document.getElementById("cdoc-selector");return!!e&&(this.filterSelectorEl=e,!0)}applyFilterSelectionOverrides(){let s=Object.keys(this.selectedValsByTraitId),e=!1,t=this.browserStorage.getTraitVals();Object.keys(t).forEach(n=>{s.includes(n)&&this.selectedValsByTraitId[n]!==t[n]&&(this.selectedValsByTraitId[n]=t[n],e=!0)});let n=(0,j.getTraitValsFromUrl)({url:new URL(window.location.href),traitIds:s});return Object.keys(n).forEach(t=>{this.selectedValsByTraitId[t]!==n[t]&&(this.selectedValsByTraitId[t]=n[t],e=!0)}),e}updateEditButton(){let t=document.getElementsByClassName("toc-edit-btn")[0];if(!t)return;let e=t.getElementsByTagName("a")[0];e&&(e.href=e.href.replace(/\.md\/$/,".mdoc.md/"))}revealPage(){this.runHooks("beforeReveal"),this.filterSelectorEl&&(this.filterSelectorEl.style.position="sticky",this.filterSelectorEl.style.backgroundColor="white",this.filterSelectorEl.style.paddingTop="10px",this.filterSelectorEl.style.visibility="visible",this.filterSelectorEl.style.zIndex="1000");let e=document.getElementById("cdoc-content");e&&(e.style.visibility="visible"),this.runHooks("afterReveal")}rerenderFilterMenu(){if(!this.filterSelectorEl||!this.filtersManifest)throw new Error("Cannot rerender filter selector without filtersManifest and filterSelectorEl");let e=(0,l.resolveFilters)({filtersManifest:this.filtersManifest,valsByTraitId:this.selectedValsByTraitId});Object.keys(e).forEach(t=>{let n=e[t];this.selectedValsByTraitId[t]=n.currentValue});let t=(0,y.buildCustomizationMenuUi)(e);this.filterSelectorEl.innerHTML=t,this.fitCustomizationMenuToScreen(),this.addFilterSelectorEventListeners()}fitCustomizationMenuToScreen(){let e=document.getElementById(g);if(!e)return;let s=e.classList.contains(n),t=document.getElementById(v);if(!t)throw new Error("Dropdown menu not found");let o=document.getElementById(b);if(!o)throw new Error("Menu wrapper not found");let i=e.scrollWidth>o.clientWidth;!s&&i?(e.classList.add(n),t.classList.remove(n)):s&&!i&&(e.classList.remove(n),t.classList.add(n))}get cdocsState(){return{selectedValsByTraitId:this.selectedValsByTraitId,ifFunctionsByRef:this.ifFunctionsByRef,filtersManifest:this.filtersManifest,browserStorage:this.browserStorage,filterSelectorEl:this.filterSelectorEl}}};e.ClientFiltersManager=r,t=r,s={value:void 0}}),y=e(e=>{Object.defineProperty(e,"__esModule",{value:!0});var t=j();window.clientFiltersManager=t.ClientFiltersManager.instance}),y()})()Prevent the use methods similar to eval()
This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
JavaScript methods like setTimeout(), setInterval(), or execScript() can accept a string of code as their first argument. This code will be executed at runtime, opening a vector for potential attacks.
It is generally considered a bad practice to execute code at runtime. This rule considers these methods as implied evaluations when their parameter is a piece of code.
setTimeout();setTimeout;setTimeout=foo;window.setTimeout;window.setTimeout=foo;window['setTimeout'];window['setTimeout']=foo;global.setTimeout;global.setTimeout=foo;global['setTimeout'];global['setTimeout']=foo;globalThis['setTimeout']=foo;window[`SetTimeOut`]('foo',100);global[`SetTimeOut`]('foo',100);global[`setTimeout${foo}`]('foo',100);global[`setTimeout${foo}`]('foo',100);globalThis[`setTimeout${foo}`]('foo',100);// normal usage
setTimeout(function(){x=1;},100);setInterval(function(){x=1;},100)execScript(function(){x=1;},100)window.setTimeout(function(){x=1;},100);window.setInterval(function(){x=1;},100);window.execScript(function(){x=1;},100);window.setTimeout(foo,100);window.setInterval(foo,100);window.execScript(foo,100);global.setTimeout(function(){x=1;},100);global.setInterval(function(){x=1;},100);global.execScript(function(){x=1;},100);global.setTimeout(foo,100);global.setInterval(foo,100);global.execScript(foo,100);globalThis.setTimeout(foo,100);// only checks on top-level statements or window.*
foo.setTimeout('hi')// identifiers are fine
setTimeout(foo,10)setInterval(1,10)execScript(2)// as are function expressions
setTimeout(function(){},10)// setInterval
foo.setInterval('hi')setInterval(foo,10)setInterval(function(){},10)// execScript
foo.execScript('hi')execScript(foo)execScript(function(){})// a binary plus on non-strings doesn't guarantee a string
// setTimeout(foo + bar, 10)
// doesn't check anything but the first argument
setTimeout(foobar,'buzz')setTimeout(foobar,foo+'bar')// only checks immediate subtrees of the argument
setTimeout(function(){return'foobar';},10)// https://github.com/eslint/eslint/issues/7821
setTimeoutFooBar('Foo Bar')foo.window.setTimeout('foo',100);foo.global.setTimeout('foo',100);// var window; window.setTimeout('foo', 100);
// var global; global.setTimeout('foo', 100);
// function foo(window) { window.setTimeout('foo', 100); }
// function foo(global) { global.setTimeout('foo', 100); }
foo('',window.setTimeout);foo('',global.setTimeout);
Integraciones sin problemas. Prueba Datadog Code Security
Datadog Code Security
Prueba esta regla y analiza tu código con Datadog Code Security
Cómo usar esta regla
1
2
rulesets:- javascript-best-practices # Rules to enforce JavaScript best practices.
Crea un static-analysis.datadog.yml con el contenido anterior en la raíz de tu repositorio
Utiliza nuestros complementos del IDE gratuitos o añade análisis de Code Security a tus pipelines de CI.