fix: Change the "in" operator to hasOwnProperty

cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

https://cure53.de/purify

Other

13.61k stars 695 forks source link

fix: Change the "in" operator to hasOwnProperty #910

Closed ssi02014 closed 6 months ago

ssi02014 commented 6 months ago

Summary

@cure53 👋 Related: https://github.com/cure53/DOMPurify/pull/908

Why not use the hasOwnProperty function to overcome the problems with the in operator? In practice, this won't change much of the behavior. However, I expect it would be more stable..!! 🙏

Reference

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/in#inherited_properties https://stackoverflow.com/questions/13632999/if-key-in-object-or-ifobject-hasownpropertykey

cure53 commented 6 months ago

Looks good to me, thank you again :slightly_smiling_face: