d3cfe19d7e
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
58 lines
2.8 KiB
Plaintext
58 lines
2.8 KiB
Plaintext
== Why is this an issue?
|
|
|
|
In JavaScript, ``++arguments++`` is a built-in array-like object automatically available within the scope of all non-arrow functions. It allows you to access the arguments the function was called with, even if the number of arguments passed during the function call does not match the number declared in the function signature. `arguments` has entries for each argument, with the first entry's index at `0`.
|
|
|
|
The ++arguments++ object has two deprecated properties called ``++arguments.caller++`` and ``++arguments.callee++``, which were used to refer to functions involved in the function invocation chain:
|
|
|
|
* The `arguments.callee` property contains the currently executing function that the arguments belong to.
|
|
|
|
* The `arguments.caller` property returns the function that invoked the currently executing function. It was replaced by `Function.prototype.caller`, which provides the same functionality.
|
|
|
|
Both ``++arguments.caller++`` and ``++arguments.callee++`` are non-standard, deprecated, and leak stack information, which poses security risks and severely limits the possibility of optimizations.
|
|
|
|
Accessing ``arguments.callee``, ``Function.prototype.caller`` and ``Function.prototype.arguments`` in strict mode will throw a ``TypeError``.
|
|
|
|
[source,javascript]
|
|
----
|
|
function whoCalled() {
|
|
if (arguments.caller == null) //Noncompliant
|
|
console.log('I was called from the global scope.');
|
|
else
|
|
console.log(arguments.caller + ' called me!'); // Noncompliant
|
|
|
|
console.log(whoCalled.caller); // Noncompliant
|
|
console.log(whoCalled.arguments); // Noncompliant
|
|
}
|
|
----
|
|
|
|
== Resources
|
|
=== Documentation
|
|
|
|
* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/arguments[The arguments object]
|
|
* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/arguments/callee#description[arguments.callee]
|
|
* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/caller[Function.prototype.caller]
|
|
* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/arguments[Function.prototype.arguments]
|
|
* MDN web docs - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Deprecated_caller_or_arguments_usage[ReferenceError: deprecated caller or arguments usage]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
* Name the enclosing function instead of using the deprecated property "arguments.callee".
|
|
* Remove this use of ["XXX"|arguments].caller".
|
|
* Remove this use of "XXX".arguments".
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 10 Mar 2015, 16:02:18 Ann Campbell wrote:
|
|
origin: JSHint & \http://jira.codehaus.org/browse/SONARJS-92
|
|
|
|
endif::env-github,rspecator-view[]
|