search

gkz / LiveScript

LiveScript is a language which compiles to JavaScript. It has a straightforward mapping to JavaScript and allows you to write expressive code devoid of repetitive boilerplate. While LiveScript adds many features to assist in functional style programming, it also has many improvements for object oriented and imperative programming.
http://livescript.net
MIT License
2.31k stars 156 forks source link

Bugs in negated `instanceof` expressions #1123

Open gorosgobe opened 9 months ago

gorosgobe commented 9 months ago

in and instanceof expressions in JS

a in obj;
a instanceof C;

can be negated by grouping them and applying the ! operator, i.e.

!(a in obj);
!(a instanceof C);

Applying the ! operator incorrectly (on the LHS operand) leads to bugs:

!a in obj; // will evaluate to false, unless obj has a "true" or "false" key
!a instanceof C; // will evaluate to false, unless C overrides instanceof with a @@hasInstance method

For more information, please see these MDN docs and the no-unsafe-negation recommended Eslint rule.

I have found several potentially problematic instances of the above bugs in your codebase: https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/gkz/LiveScript%24+lang:javascript+/%5C%21%5B%5B:alnum:%5D%5D%2B+instanceof+%5B%5B:alnum:%5D%5D%2B/+-file:%5C.min%5C.js%24+count:all&patternType=standard&sm=1&groupBy=repo

vendethiel commented 9 months ago

LS has not instance/not in composite keywords.

gorosgobe commented 9 months ago

This has nothing to do with LS as the language, but rather with its implementation - see sourcegraph link above.

vendethiel commented 9 months ago

I thought this was a compilation error (wrong level), but the source has it as-is: https://github.com/gkz/LiveScript/blob/master/src/ast.ls#L2515