org.sonar.l10n.javascript.rules.javascript.S1442.html
alert(...) as well as confirm(...) and prompt(...) can be useful for debugging during development, but in production mode this kind of pop-up could expose sensitive information to attackers, and should never be displayed.
Noncompliant Code Example
if (unexpectedCondition) {
  alert("Unexpected Condition");
}
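One way to check a code base for these calls before a production build, as an added example that is not part of the SonarJS rule or its implementation. The names `findDialogCalls` and `blankNonCode` are hypothetical, the sample input is constructed, and the scan is a heuristic: regex literals and code inside template-literal `${...}` expressions are not parsed.

```javascript
// Added illustration: heuristic scan, not SonarJS's AST-based implementation.
// Matches alert/confirm/prompt called bare or via window/globalThis/self,
// but not as a method of another object (e.g. dialog.alert).
const DIALOG_CALL =
  /(^|[^\w$.])(?:(?:window|globalThis|self)\s*\.\s*)?(alert|confirm|prompt)\s*\(/g;

// Replace comments and string/template literals with spaces (newlines kept)
// so that text inside them is never reported and line numbers stay correct.
function blankNonCode(src) {
  let out = "", i = 0;
  while (i < src.length) {
    const c = src[i], two = src.slice(i, i + 2);
    let end = -1;
    if (two === "//") {
      end = src.indexOf("\n", i);
      if (end === -1) end = src.length;
    } else if (two === "/*") {
      end = src.indexOf("*/", i + 2);
      end = end === -1 ? src.length : end + 2;
    } else if (c === '"' || c === "'" || c === "`") {
      end = i + 1;
      while (end < src.length && src[end] !== c) end += src[end] === "\\" ? 2 : 1;
      end = Math.min(end + 1, src.length);
    }
    if (end === -1) { out += c; i += 1; continue; }
    out += src.slice(i, end).replace(/[^\n]/g, " ");
    i = end;
  }
  return out;
}
function findDialogCalls(src) {
  const code = blankNonCode(src);
  const hits = [];
  for (const m of code.matchAll(DIALOG_CALL)) {
    const at = m.index + m[1].length; // skip the boundary character
    hits.push({ name: m[2], line: code.slice(0, at).split("\n").length });
  }
  return hits;
}
// Constructed sample input.
const sample = [
  'if (unexpectedCondition) {',
  '  alert("Unexpected Condition");',
  '}',
  '// confirm("commented out")',
  'const msg = "call prompt(x) later";',
  'dialog.alert("custom widget method");',
  'if (window.confirm("Delete?")) { remove(); }',
].join("\n");
console.log(findDialogCalls(sample));
```

Run over each source file in a pre-release check and fail the build when the returned list is not empty.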
See
- OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
- MITRE, CWE-489 - Active Debug Code
Deprecated
This rule is deprecated; use {rule:javascript:S4507} instead.