#863 Add "hasOwnProperty" guard to all "for .. in" statements

RichardBradley · RichardBradley · commit a4b9fb7c53e1 · 2016-02-17T10:39:10.000Z
diff --git a/src/javascripts/ng-admin/Crud/button/maExportToCsvButton.js b/src/javascripts/ng-admin/Crud/button/maExportToCsvButton.js
@@ -39,6 +39,7 @@ export default function maExportToCsvButton ($stateParams, Papa, notification, A
                     .then(referenceData => {
                         const references = exportView.getReferences();
                         for (var name in referenceData) {
+                            if (!referenceData.hasOwnProperty(name)) continue;
                             AdminDescription.getEntryConstructor().createArrayFromRest(
                                 referenceData[name],
                                 [references[name].targetField()],
diff --git a/src/javascripts/ng-admin/Crud/field/maButtonField.js b/src/javascripts/ng-admin/Crud/field/maButtonField.js
@@ -18,6 +18,7 @@ export default function maButtonField() {
             var a = element.children()[0];
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 a.setAttribute(name, attributes[name]);
             }
             scope.toggle = function() {
diff --git a/src/javascripts/ng-admin/Crud/field/maCheckboxField.js b/src/javascripts/ng-admin/Crud/field/maCheckboxField.js
@@ -18,6 +18,7 @@ export default function maCheckboxField() {
             var input = element.children()[0];
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 input.setAttribute(name, attributes[name]);
             }
         },
diff --git a/src/javascripts/ng-admin/Crud/field/maChoiceField.js b/src/javascripts/ng-admin/Crud/field/maChoiceField.js
@@ -52,6 +52,7 @@ export default function maChoiceField($compile) {
 
                     var select = element.children()[0];
                     for (var name in attributes) {
+                        if (!attributes.hasOwnProperty(name)) continue;
                         select.setAttribute(name, attributes[name]);
                     }
 
diff --git a/src/javascripts/ng-admin/Crud/field/maChoicesField.js b/src/javascripts/ng-admin/Crud/field/maChoicesField.js
@@ -48,6 +48,7 @@ export default function maChoicesField($compile) {
                     var select = element.children()[0];
 
                     for (var name in attributes) {
+                        if (!attributes.hasOwnProperty(name)) continue;
                         select.setAttribute(name, attributes[name]);
                     }
 
diff --git a/src/javascripts/ng-admin/Crud/field/maDateField.js b/src/javascripts/ng-admin/Crud/field/maDateField.js
@@ -27,6 +27,7 @@ export default function maDateField() {
             var input = element.find('input').eq(0);
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 input.attr(name, attributes[name]);
             }
             scope.toggleDatePicker = function ($event) {
diff --git a/src/javascripts/ng-admin/Crud/field/maFileField.js b/src/javascripts/ng-admin/Crud/field/maFileField.js
@@ -27,6 +27,7 @@ export default function maFileField(Upload) {
                 var files = scope.value ? scope.value.split(',') : [];
                 scope.files = {};
                 for (var file in files) {
+                    if (!files.hasOwnProperty(file)) continue;
                     scope.files[files[file]] = {
                         "name": files[file],
                         "progress": 0
@@ -43,6 +44,7 @@ export default function maFileField(Upload) {
                 var input = element.find('input')[0];
                 var attributes = field.attributes();
                 for (var name in attributes) {
+                    if (!attributes.hasOwnProperty(name)) continue;
                     input.setAttribute(name, attributes[name]);
                 }
 
@@ -55,6 +57,7 @@ export default function maFileField(Upload) {
 
                     scope.files = {};
                     for (var file in selectedFiles) {
+                        if (!selectedFiles.hasOwnProperty(file)) continue;
                         uploadParams = angular.copy(scope.field().uploadInformation());
                         uploadParams.file = selectedFiles[file];
                         Upload
diff --git a/src/javascripts/ng-admin/Crud/field/maInputField.js b/src/javascripts/ng-admin/Crud/field/maInputField.js
@@ -19,6 +19,7 @@ export default function maInputField() {
             var input = element.children()[0];
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 if (name === 'step') { // allow to use `step` attribute instead of `scope.step`
                     scope.step = attributes[name];
                     continue;
diff --git a/src/javascripts/ng-admin/Crud/field/maJsonField.js b/src/javascripts/ng-admin/Crud/field/maJsonField.js
@@ -40,6 +40,7 @@ export default function maJsonField() {
             var input = element.children()[0];
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 input.setAttribute(name, attributes[name]);
             }
             scope.$watch('jsonValue', function(jsonValue) {
diff --git a/src/javascripts/ng-admin/Crud/field/maTextField.js b/src/javascripts/ng-admin/Crud/field/maTextField.js
@@ -17,6 +17,7 @@ export default function maTextField() {
             var input = element.children()[0];
             var attributes = field.attributes();
             for (var name in attributes) {
+                if (!attributes.hasOwnProperty(name)) continue;
                 input.setAttribute(name, attributes[name]);
             }
         },
diff --git a/src/javascripts/ng-admin/Crud/list/ListController.js b/src/javascripts/ng-admin/Crud/list/ListController.js
@@ -57,6 +57,7 @@ export default class ListController {
                 this.progression.done();
 
                 for (var name in referenceData) {
+                    if (!referenceData.hasOwnProperty(name)) continue;
                     Entry.createArrayFromRest(
                         referenceData[name],
                         [references[name].targetField()],
diff --git a/src/javascripts/ng-admin/Crud/list/ListLayoutController.js b/src/javascripts/ng-admin/Crud/list/ListLayoutController.js
@@ -88,6 +88,7 @@ export default class ListLayoutController {
             field,
             i;
         for (i in filters) {
+            if (!filters.hasOwnProperty(i)) continue;
             field = filters[i];
             fieldName = field.name();
             if (this.search[fieldName] === '') {
diff --git a/src/javascripts/ng-admin/Crud/routing.js b/src/javascripts/ng-admin/Crud/routing.js
@@ -59,6 +59,7 @@ function routing($stateProvider) {
                 filterEntries: ['dataStore', 'view', 'filterData', function (dataStore, view, filterData) {
                     const filters = view.getFilterReferences(false);
                     for (var name in filterData) {
+                        if (!filterData.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             filterData[name],
                             [filters[name].targetField()],
@@ -103,6 +104,7 @@ function routing($stateProvider) {
                         referenceEntries: ['dataStore', 'view', 'referenceData', function (dataStore, view, referenceData) {
                             const references = view.getReferences();
                             for (var name in referenceData) {
+                                if (!referenceData.hasOwnProperty(name)) continue;
                                 Entry.createArrayFromRest(
                                     referenceData[name],
                                     [references[name].targetField()],
@@ -170,6 +172,7 @@ function routing($stateProvider) {
                 referenceEntries: ['dataStore', 'view', 'referenceData', function (dataStore, view, referenceData) {
                     const references = view.getReferences();
                     for (var name in referenceData) {
+                        if (!referenceData.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             referenceData[name],
                             [references[name].targetField()],
@@ -184,6 +187,7 @@ function routing($stateProvider) {
                 referencedListEntries: ['dataStore', 'view', 'referencedListData', function (dataStore, view, referencedListData) {
                     const referencedLists = view.getReferencedLists();
                     for (var name in referencedLists) {
+                        if (!referencedLists.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             referencedListData[name],
                             referencedLists[name].targetFields(),
@@ -209,6 +213,7 @@ function routing($stateProvider) {
                     Object.keys(referencedLists).map(referencedListName => {
                         const references = referencedLists[referencedListName].getReferences();
                         for (var name in references) {
+                            if (!references.hasOwnProperty(name)) continue;
                             if (!referenceDataForReferencedLists[referencedListName][name]) continue;
                             Entry.createArrayFromRest(
                                 referenceDataForReferencedLists[referencedListName][name],
@@ -263,6 +268,7 @@ function routing($stateProvider) {
                 choiceEntries: ['dataStore', 'view', 'choiceData', function (dataStore, view, filterData) {
                     const choices = view.getReferences(false);
                     for (var name in filterData) {
+                        if (!filterData.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             filterData[name],
                             [choices[name].targetField()],
@@ -314,6 +320,7 @@ function routing($stateProvider) {
                 referenceEntries: ['dataStore', 'view', 'referenceData', function (dataStore, view, referenceData) {
                     const references = view.getReferences();
                     for (var name in referenceData) {
+                        if (!referenceData.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             referenceData[name],
                             [references[name].targetField()],
@@ -328,6 +335,7 @@ function routing($stateProvider) {
                 referencedListEntries: ['dataStore', 'view', 'referencedListData', function (dataStore, view, referencedListData) {
                     const referencedLists = view.getReferencedLists();
                     for (var name in referencedLists) {
+                        if (!referencedLists.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             referencedListData[name],
                             referencedLists[name].targetFields(),
@@ -346,6 +354,7 @@ function routing($stateProvider) {
                 choiceEntries: ['dataStore', 'view', 'choiceData', function (dataStore, view, filterData) {
                     const choices = view.getReferences(false);
                     for (var name in filterData) {
+                        if (!filterData.hasOwnProperty(name)) continue;
                         Entry.createArrayFromRest(
                             filterData[name],
                             [choices[name].targetField()],
@@ -367,6 +376,7 @@ function routing($stateProvider) {
                     Object.keys(referencedLists).map(referencedListName => {
                         const references = referencedLists[referencedListName].getReferences();
                         for (var name in references) {
+                            if (!references.hasOwnProperty(name)) continue;
                             if (!referenceDataForReferencedLists[referencedListName][name]) continue;
                             Entry.createArrayFromRest(
                                 referenceDataForReferencedLists[referencedListName][name],
diff --git a/src/javascripts/ng-admin/Main/component/filter/OrderElement.js b/src/javascripts/ng-admin/Main/component/filter/OrderElement.js
@@ -4,6 +4,7 @@ export default function OrderElement() {
             objectKey;
 
         for (objectKey in input) {
+            if (!input.hasOwnProperty(objectKey)) continue;
             results.push(input[objectKey]);
         }
 
diff --git a/src/javascripts/ng-admin/Main/config/routing.js b/src/javascripts/ng-admin/Main/config/routing.js
@@ -57,6 +57,7 @@ function routing($stateProvider, $urlRouterProvider) {
                     collectionName;
 
                 for (collectionName in collections) {
+                    if (!collections.hasOwnProperty(collectionName)) continue;
                     collection = collections[collectionName];
                     collectionSortField = collection.getSortFieldName();
                     collectionSortDir = collection.sortDir();
@@ -77,6 +78,7 @@ function routing($stateProvider, $urlRouterProvider) {
                             .then(referenceData => {
                                 const references = collection.getReferences();
                                 for (var name in referenceData) {
+                                    if (!referenceData.hasOwnProperty(name)) continue;
                                     Entry.createArrayFromRest(
                                         referenceData[name],
                                         [references[name].targetField()],
@@ -103,6 +105,7 @@ function routing($stateProvider, $urlRouterProvider) {
                     entries = {};
 
                 for (collectionName in responses) {
+                    if (!responses.hasOwnProperty(collectionName)) continue;
                     entries[collections[collectionName].name()] = responses[collectionName];
                 }
 
diff --git a/src/javascripts/test/before_all.js b/src/javascripts/test/before_all.js
@@ -0,0 +1,16 @@
+
+if (!Object.prototype.test_prototype_entry) {
+    Object.prototype.test_prototype_entry =
+        "Don't use for..in to enumerate Object properties, as users are free to " +
+        "add entries to the Object prototype, for example for polyfills. " +
+        "You should instead use\n" +
+        "  for (let i in xs) { if (!xs.hasOwnProperty(i)) continue; var x = xs[i]; ... }";
+}
+
+if (!Array.prototype.test_prototype_entry) {
+    Array.prototype.test_prototype_entry =
+        "Don't use for..in to enumerate Array properties, as users are free to " +
+        "add entries to the Array prototype, for example for polyfills. " +
+        "You should instead use\n" +
+        "  for (let i in xs) { if (!xs.hasOwnProperty(i)) continue; var x = xs[i]; ... }";
+}
diff --git a/src/javascripts/test/karma.conf.js b/src/javascripts/test/karma.conf.js
@@ -22,6 +22,7 @@ module.exports = function (config) {
 
             'ng-admin.js',
             'test/function.bind.shim.js',
+            'test/before_all.js',
             'test/unit/**/*.js'
         ],
         plugins: ['karma-webpack', 'karma-jasmine', 'karma-chrome-launcher', 'karma-phantomjs-launcher'],

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ export default function maButtonField() {`
`18`	`18`	`var a = element.children()[0];`
`19`	`19`	`var attributes = field.attributes();`
`20`	`20`	`for (var name in attributes) {`
	`21`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`21`	`22`	`a.setAttribute(name, attributes[name]);`
`22`	`23`	`}`
`23`	`24`	`scope.toggle = function() {`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ export default function maChoiceField($compile) {`
`52`	`52`
`53`	`53`	`var select = element.children()[0];`
`54`	`54`	`for (var name in attributes) {`
	`55`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`55`	`56`	`select.setAttribute(name, attributes[name]);`
`56`	`57`	`}`
`57`	`58`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ export default function maChoicesField($compile) {`
`48`	`48`	`var select = element.children()[0];`
`49`	`49`
`50`	`50`	`for (var name in attributes) {`
	`51`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`51`	`52`	`select.setAttribute(name, attributes[name]);`
`52`	`53`	`}`
`53`	`54`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ export default function maDateField() {`
`27`	`27`	`var input = element.find('input').eq(0);`
`28`	`28`	`var attributes = field.attributes();`
`29`	`29`	`for (var name in attributes) {`
	`30`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`30`	`31`	`input.attr(name, attributes[name]);`
`31`	`32`	`}`
`32`	`33`	`scope.toggleDatePicker = function ($event) {`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ export default function maJsonField() {`
`40`	`40`	`var input = element.children()[0];`
`41`	`41`	`var attributes = field.attributes();`
`42`	`42`	`for (var name in attributes) {`
	`43`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`43`	`44`	`input.setAttribute(name, attributes[name]);`
`44`	`45`	`}`
`45`	`46`	`scope.$watch('jsonValue', function(jsonValue) {`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ export default function maTextField() {`
`17`	`17`	`var input = element.children()[0];`
`18`	`18`	`var attributes = field.attributes();`
`19`	`19`	`for (var name in attributes) {`
	`20`	`+ if (!attributes.hasOwnProperty(name)) continue;`
`20`	`21`	`input.setAttribute(name, attributes[name]);`
`21`	`22`	`}`
`22`	`23`	`},`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ export default function OrderElement() {`
`4`	`4`	`objectKey;`
`5`	`5`
`6`	`6`	`for (objectKey in input) {`
	`7`	`+ if (!input.hasOwnProperty(objectKey)) continue;`
`7`	`8`	`results.push(input[objectKey]);`
`8`	`9`	`}`
`9`	`10`