[testing][false negative] - setTimeout rule

mozilla / scanjs

[DEPRECATED] Static analysis tool for javascript code.

Other

428 stars 39 forks source link

Closed pwnetrationguru closed 10 years ago

pwnetrationguru commented 10 years ago

setTimeout misses the following dangerous cases:

     var intervalID = window.setTimeout("console.log(2)", 500);
     something.setTimeout("console.log(3)", 500);

pauljt commented 10 years ago

fixed in new scanner.