I'm writing a simple code to get the value inside an array. I'm using array[key] to get the value stored inside this array, in a for loop.

    var array = ["Foo", "Bar"];

    function getValue() {
      for (var key = 0; key < array.length; key++) {
        console.log(array[value]);
      }
    }

This method is simple and works fine; however, I've read that this could cause a security issue (The Dangers of Square Bracket Notation), and ESLint is not OK with it, throwing this error:

Generic Object Injection Sink (security/detect-object-injection)

Detects variable[key] as a left- or right-hand assignment operand. (ESLint reference)

How can I access the value of the array without using this method?

I've already read the related question: Why is it bad pratice calling an array index with a variable? and as this question seems too hard to generalize I decided to ask a new canonical question.

Puka
  • Since you are dealing with Arrays, try `Array.forEach(function(value) { console.log(value)})`. If you can tell what exactly you are doing, we could suggest better – Rajesh Feb 01 '19 at 10:48
  • where is `value` defined? – nick zoum Feb 01 '19 at 10:48
  • @nickzoum `value` is user-defined – Puka Feb 01 '19 at 10:49
  • [Don't use `for…in` enumerations on arrays!](https://stackoverflow.com/q/500504/1048572) – Bergi Feb 01 '19 at 10:49
  • What exactly is eslint complaining about? Please post the error message. I bet it's about using `for in`, not `array[value]`. – Bergi Feb 01 '19 at 10:50
  • @Bergi I corrected my code and added the exact error. Is it better to you? – Puka Feb 01 '19 at 10:53
  • Thanks. I have no idea what this rule detects exactly, but a generic `…[var]` matching doesn't help with security due to the huge number of false positives. Also, I cannot find the explanation for the rule, the page https://blog.liftsecurity.io/2015/01/14/the-dangers-of-square-bracket-notation/ which is linked from the rule reference seems to be down (has a security warning and no content). – Bergi Feb 01 '19 at 11:00
  • Btw, `var key = 0;` – Bergi Feb 01 '19 at 11:01
  • Yeah, I found the page with the internet archive : https://web.archive.org/web/20150430062816/https://blog.liftsecurity.io/2015/01/15/the-dangers-of-square-bracket-notation – Puka Feb 01 '19 at 11:13
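
The rule's concern is a bracket lookup whose key comes from outside the program, as with the user-defined `value` mentioned in the comments above. The following is an added example, not code from the question or any answer on this page; the helper names `unguarded`, `getByIndex` and `getOwn` are hypothetical, and the input keys are constructed.

```javascript
// Added example (hypothetical helper names); sample data matches the question.
const array = ["Foo", "Bar"];

// The pattern the ESLint rule flags: the key is used as-is, so any property
// name resolves, including names inherited from Array.prototype.
function unguarded(arr, key) {
  return arr[key];
}

// Array lookup: accept only a canonical, in-range, non-negative integer index.
function getByIndex(arr, rawKey) {
  if (typeof rawKey !== "number" && typeof rawKey !== "string") return undefined;
  const index = Number(rawKey);
  if (!Number.isInteger(index) || index < 0 || index >= arr.length) return undefined;
  if (String(index) !== String(rawKey)) return undefined; // rejects "", " 1", "1.0", "0x1"
  return arr.at(index);
}

// Object lookup: only own properties count, so "constructor", "__proto__" and
// other inherited names never resolve.
function getOwn(obj, rawKey) {
  if (typeof rawKey !== "string") return undefined;
  return Object.prototype.hasOwnProperty.call(obj, rawKey) ? obj[rawKey] : undefined;
}

// Constructed inputs standing in for user-supplied keys.
for (const key of ["0", "1", "2", "-1", "1.0", "length", "constructor"]) {
  console.log(JSON.stringify(key), "unguarded:", typeof unguarded(array, key),
              "guarded:", getByIndex(array, key));
}
console.log(getOwn({ foo: 1 }, "foo"), getOwn({ foo: 1 }, "constructor"));
```

When the key is only ever the loop counter, as in the question's loop, the lookup is already bounded by `array.length` and the iteration forms in the answers below avoid the bracket expression entirely.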

3 Answers

There are a couple of ways to do this.

First: You could use a for..of loop. for..of doesn't use the square bracket notation and doesn't give the index directly.

    for (let element of list) {
        console.log(element);
    }

Second: The other way is what @Rajesh has mentioned: forEach.

    // The method name is case-sensitive: forEach, not ForEach
    list.forEach((element) => {
      console.log(element);
    });

Puka
Omkar

JavaScript offers many methods to help you iterate over arrays for mapping, filtering and only iterating arrays. Look at a few of them:

  1. forEach() method

    let arr = [1,2,3,4,10];
    arr.forEach((item, index) => console.log(item)) //1,2,3,4,10

    This method also allows you to get the index of the item.

  2. for-of loop

    // declare the loop variable so it does not become an implicit global
    for (const item of arr) {
      console.log(item) //1,2,3,4,10
    }

    This new feature was introduced in ES6 and is recommended for iterating over arrays.

    If you want to manipulate arrays you can use the following methods, which also iterate over arrays:

  3. filter()

    arr.filter((item, index)=> item > 5) // Return new array [10]

  4. map()

    arr.map((item, index)=> item*2) // Return new array [2,4,6,8,20]

marc_s
Mat.Now

Use Array.prototype.at.

    ['a','b','c','d','e'].at(2); // 'c'

Nick Manning