Details
-
Type:
New Feature
-
Status:
Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: JAVASCRIPT-1.2
-
Component/s: JavaScript
-
Labels:None
-
Number of attachments :
Description
References: Mozilla documentation, http://es5.github.com/#C
title
"eval" and "arguments" must not be bound or assigned
description
In JavaScript, <code>eval</code> is used to add or remove bindings and to change binding values. <code>arguments</code> is used to access function arguments through indexed properties. As a consequence, those 2 names <code>eval</code> and <code>arguments</code> should not be bound or assigned as it would overwrite the original definition of those 2 elements.
What's more, using those 2 names to assign or bind will generate an error in JavaScript strict mode code.
The following code snippet illustrates cases that will generate violations (changing the names turns the different non-compliant cases into compliant cases):
eval = 17; // non-compliant
arguments++; // non-compliant
++eval; // non-compliant
var obj = { set p(arguments) { } }; // non-compliant
var eval; // non-compliant
try { } catch (arguments) { } // non-compliant
function x(eval) { } // non-compliant
function arguments() { } // non-compliant
var y = function eval() { }; // non-compliant
var f = new Function("arguments", "return 17;"); // non-compliant
message
In case of an new binding: Do not use '
{0}' to declare a (variable|parameter|function) - use another name.In case of a assignment/modification: Remove the modification of '{0}
'.
severity
Critical
in Sonar way?
Yes
Issue Links
- relates to
-
SONARPLUGINS-2508
Rule : Source should comply with the javascript strict mode
-
Note that current implementation not able to detect:
new Function("arguments", "return 17;");