Insufficient type checks using obj.constructor about forge HOT 9 CLOSED

A small add-on - this might be safer - even in case an attacker managed to tamper with the existing constructors:

delete Object;
window instanceof ({}).constructor; // true

from forge.

Is there a specific reason why these kinds of checks are being used? Why not make use of instanceof?

This is a result of very old code that needs updating. A shared isArray call is in forge.util (but it still needs to be updated itself). Also, see:

http://perfectionkills.com/instanceof-considered-harmful-or-how-to-write-a-robust-isarray/

We need to update forge.util.isArray() and use it where applicable.

from forge.

@kangax is - from what I can see - mainly concerned about cross-origin/-frame scenarios and the fragility of instanceof therein. Are they relevant in this situation?

from forge.

@x00mario, well, forge was actually originally created specifically to be used in cross-origin/-frame scenarios -- however, the point of linking to that article was that we should probably adopt the solution given at the end (it has worked well elsewhere):

function isArray(o) {
  return Object.prototype.toString.call(o) === '[object Array]';
}

A combination of Array.isArray (if it exists) and then falling back to the above check would probably be best/most compatible.

from forge.

There is also the hideous mess found here:

http://stackoverflow.com/questions/1058427/how-to-detect-if-a-variable-is-an-array

from forge.

@dlongley You can also: util.isArray = Array.isArray || function(){ ... } since Array.isArray does the same check (against [[Class]]) and is pretty widely supported by now — http://kangax.github.io/es5-compat-table/#Array.isArray

from forge.

@kangax -- yeah, that's what I went with, thanks.

from forge.

@dlongley Ah cool. Didn't notice first condition.

from forge.

Yeah, I consolidated that to make it more clear.

from forge.