[SECURITY] substr() is deprecated and is not part of the core JS.
#37135
Labels
Impact: Security
If the issue is causes a vulnerability
JavaScript
Resolution: Fixed
A PR that fixes this issue has been merged.
Comments
Pranav-yadav
added
JavaScript
Impact: Security
Pranav-yadav
added
the
Resolution: PR Submitted
Pranav-yadav
changed the title
substr() is deprecated and is not part of the core JS.substr() is deprecated and is not part of the core JS.
Pranav-yadav
added
Resolution: Fixed
jeongshin
pushed a commit
to jeongshin/react-native
that referenced
this issue
May 7, 2023
…ook#37136) Summary: Fixes: facebook#37135 - `substr()` is not part of the core JS since ~2018 - No wonder why no one noticed this :) - Though its supported by modern browsers, its deprecated - Reference: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substr ### Why `slice()` and not `substring()`? > Beacuse I like pizza ;) jk The reason, that I'm not using the most obvious alternative `substring()` is; - It _swaps the args_ passed, when; `startIndex > endIndex` —which I think is not a property of _good_ fn and also does not reflects the same in it's name. - It _doesn't support negative args_, which I think reduces flexibility to work with it. - It could lead to more bugs in most of the cases. ### Refecrences: - Ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring#differences_between_substring_and_slice - Ref. for `slice()`: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/slice - Ref. for `substring()`: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substring ## Changelog: [GENERAL][FIXED] - Refactor: `substr()` is deprecated, using `slice()` instead across RN codebase Pull Request resolved: facebook#37136 Test Plan: - `yarn lint && yarn flow && yarn test-ci` --> _should be green_ Reviewed By: christophpurrer Differential Revision: D45477910 Pulled By: jacdebug fbshipit-source-id: 96a80893477599b9a549918924157627b9b0c3f4
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
substr()is deprecated and is not part of the core JS since ~2018.No wonder why no one noticed this :)
Reference: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substr
So, I've refactored whole codebase to not use
substr()and useslice()instead here:PR
#TBAOriginally posted by @Pranav-yadav in #35993 (comment)
The text was updated successfully, but these errors were encountered: