CodeQL documentation

Use of for-in comprehension blocks

ID: js/for-in-comprehension
Kind: problem
Security severity: 
Severity: error
Precision: very-high
Tags:
   - portability
   - maintainability
   - language-features
   - external/cwe/cwe-758
Query suites:
   - javascript-security-and-quality.qls


for-in blocks in array comprehensions are a Mozilla-specific language extension that is no longer supported even by SpiderMonkey and is unlikely to be included in any future ECMAScript standard. This language feature should not be used.

Recommendation

The for-in block can be replaced by a (standards-compliant) for-of block iterating over a list of property names obtained, for example, from Object.keys.

Example

In the following contrived example, a for-in block is used to iterate over the keys i of an array and construct an array of strings of the form "v = a[i]", where v is the value of a[i].

var a = [23,,42];
var desc = [for(i in a) i + " = a[" + i + "]"];

The example can be rewritten to use a for-of block iterating over Object.keys(a) instead.

var a = [23,,42];
var desc = [for(i of Object.keys(a)) i + " = a[" + i + "]"];

Note that Object.keys only includes own properties, not properties inherited from a prototype. If the latter behavior is needed, the array comprehension should be replaced by a for-in loop that imperatively populates the result array.
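As an added example (not part of the CodeQL documentation), the two standards-compliant rewrites side by side: the Object.keys version from the recommendation and the imperative for-in loop from the note, run over the sparse array from the example and over a constructed object that inherits from it, so the difference in inherited-property handling is visible. The function names and the inheriting object are assumptions made for this example.

```javascript
// Own enumerable keys only: the standards-compliant replacement for
// `[for (i in a) i + " = a[" + i + "]"]` recommended above, written with
// Object.keys and Array.prototype.map instead of a comprehension.
function describeOwnKeys(a) {
  return Object.keys(a).map((i) => i + " = a[" + i + "]");
}

// Own and inherited enumerable keys: the imperative for-in loop the note
// recommends when properties from the prototype chain must be included.
function describeAllKeys(a) {
  const desc = [];
  for (const i in a) {
    desc.push(i + " = a[" + i + "]");
  }
  return desc;
}

// Constructed sample input: the sparse array from the example (index 1 is a
// hole, so neither Object.keys nor for-in reports it) and an object whose
// only enumerable properties are inherited from that array.
const sampleArray = [23, , 42];
const inheritingObject = Object.create(sampleArray); // assumption: no own keys

console.log(describeOwnKeys(sampleArray));      // [ '0 = a[0]', '2 = a[2]' ]
console.log(describeAllKeys(sampleArray));      // [ '0 = a[0]', '2 = a[2]' ]
console.log(describeOwnKeys(inheritingObject)); // []  (inherited keys skipped)
console.log(describeAllKeys(inheritingObject)); // [ '0 = a[0]', '2 = a[2]' ]
```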
