Sign in Subscribe
By Vishal Basumatary in javascript

Do not access Object.prototype method 'hasOwnProperty' from target object

Why Shouldn't We Access Object.prototype Method 'hasOwnProperty' from Target Object?

If you are a JavaScript developer, you might have come across the warning message "Do not access Object.prototype method 'hasOwnProperty' from target object" when you are analyzing your JavaScript code in the console or in your IDE such as Visual Studio Code.

This warning is a result of a potential security vulnerability when accessing the built-in method 'hasOwnProperty' directly from an object. In summary, you should never access 'hasOwnProperty' directly from an object, but instead use the method in a safe way.

What is Object.prototype?

Before we dive into the details, let's first understand what Object.prototype is. In JavaScript, almost everything is an object. Object.prototype is the base object on which all other objects are built upon. All objects in JavaScript inherit properties and methods from Object.prototype.

What is the 'hasOwnProperty' Method?

The 'hasOwnProperty' method is a built-in method in JavaScript that checks whether an object has a property with a specific name. It returns a boolean value indicating whether or not the object has the specified property as its own property. Here is an example:


const myObject = {
  name: 'Raju',
  age: 25
};

console.log(myObject.hasOwnProperty('name')); // true
console.log(myObject.hasOwnProperty('salary')); // false

The first console.log statement will return true because the 'name' property is present in the 'myObject' object. The second console.log statement will return false because the 'salary' property is not present in the 'myObject' object.

Why Shouldn't We Access 'hasOwnProperty' Method Directly from an Object?

When we access the 'hasOwnProperty' method directly from an object, we are actually accessing the method from Object.prototype. This can be a potential security vulnerability because if someone creates an object with a property named 'hasOwnProperty', then they can potentially override the built-in method and execute arbitrary code. Here is an example:


const myObject = {
  hasOwnProperty: function() {
    console.log('This is not the built-in method!');
  },
  name: 'Raju',
  age: 25
};

myObject.hasOwnProperty('name'); // This is not the built-in method!

In this example, we have created an object 'myObject' with a property named 'hasOwnProperty'. We have also defined a function as its value that logs a message to the console. When we call the 'hasOwnProperty' method on 'myObject', we are actually calling the overridden method instead of the built-in method which can lead to unpredictable behavior.

How to Safely Use the 'hasOwnProperty' Method?

The safe way to use the 'hasOwnProperty' method is by calling it from Object.prototype and passing the object as an argument. Here is an example:


const myObject = {
  name: 'Raju',
  age: 25
};

console.log(Object.prototype.hasOwnProperty.call(myObject, 'name')); // true
console.log(Object.prototype.hasOwnProperty.call(myObject, 'salary')); // false

In this example, we are calling the 'hasOwnProperty' method from Object.prototype by using the call() method. We are passing the 'myObject' object as the first argument and the property name as the second argument.

By using this method, we can avoid the potential security vulnerability that comes with accessing the method directly from an object.

Subscribe to The Poor Coder | Algorithm Solutions

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe