# no-prototype-builtins
Disallow calling `Object.prototype` builtins directly on an object.
ES 5.1 added `Object.create`, which allows creating an object with a custom prototype, including `Object.create(null)` for an object with no prototype at all. This pattern is frequently used for objects that serve as maps. However, it can lead to errors if something else relies on the prototype's properties or methods, because such an object does not inherit `hasOwnProperty` or any other `Object.prototype` builtin.

Moreover, the methods can be shadowed by own properties. This can lead to hard-to-trace bugs and denial-of-service vulnerabilities. For example, calling `hasOwnProperty` directly on parsed JSON throws a `TypeError` as soon as the input contains a `"hasOwnProperty"` key (JSON cannot carry functions, so the shadowing value is never callable), which lets attacker-controlled input crash the code that inspects it.

Instead, take the method from `Object.prototype` and invoke it with the object as `this`, using `Object.prototype.prop.call(item, args)`.
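The following script is an added example, not part of the ESLint rule documentation. It shows both failure modes described above (a shadowing key in parsed JSON and a null-prototype map) crashing the direct call, while the `Object.prototype.hasOwnProperty.call` form keeps working. The JSON inputs and the helper names `hasKeyUnsafe`, `hasKeySafe`, `tryUnsafe` and `demo` are constructed for this illustration.

```javascript
// Added example (not from the ESLint docs): direct hasOwnProperty call vs
// borrowing the builtin from Object.prototype.

// Constructed sample inputs, as a server might receive before JSON.parse.
const attackerJson = '{"hasOwnProperty": "pwned", "role": "user"}';
const normalJson = '{"role": "admin"}';

// Unsafe: relies on the object's prototype chain supplying hasOwnProperty.
// Throws TypeError when an own key shadows the method with a non-function,
// or when the object was created with Object.create(null).
function hasKeyUnsafe(obj, key) {
  return obj.hasOwnProperty(key);
}

// Safe: take the builtin from Object.prototype and bind `obj` as `this`,
// so shadowing keys and null-prototype objects cannot interfere.
const hasOwn = Object.prototype.hasOwnProperty;
function hasKeySafe(obj, key) {
  return hasOwn.call(obj, key);
}

// Runs the unsafe check and reports whether it threw instead of crashing.
function tryUnsafe(obj, key) {
  try {
    return { ok: true, value: hasKeyUnsafe(obj, key) };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

function demo() {
  const normal = JSON.parse(normalJson);
  const hostile = JSON.parse(attackerJson);
  const nullProto = Object.create(null); // the "object used as a map" case
  nullProto.role = 'user';

  return {
    normalUnsafe: tryUnsafe(normal, 'role'),       // works: { ok: true, value: true }
    hostileUnsafe: tryUnsafe(hostile, 'role'),     // { ok: false, error: 'TypeError' }
    nullProtoUnsafe: tryUnsafe(nullProto, 'role'), // { ok: false, error: 'TypeError' }
    hostileSafe: hasKeySafe(hostile, 'role'),      // true
    hostileSafeShadow: hasKeySafe(hostile, 'hasOwnProperty'), // true: it is an own key
    nullProtoSafe: hasKeySafe(nullProto, 'role'),  // true
    nullProtoMissing: hasKeySafe(nullProto, 'toString') // false: nothing is inherited
  };
}

console.log(demo());
```

Run it with `node`. In runtimes that support ES2022, `Object.hasOwn(obj, key)` is a built-in equivalent of the `hasOwn.call(obj, key)` form and is not affected by shadowing either.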
# Invalid Code Examples
```js
var bar = foo.hasOwnProperty("bar");
var bar = foo.isPrototypeOf(bar);
var bar = foo.propertyIsEnumerable("bar");
```
# Correct Code Examples
```js
var bar = Object.prototype.hasOwnProperty.call(foo, "bar");
var bar = Object.prototype.isPrototypeOf.call(foo, bar);
var bar = Object.prototype.propertyIsEnumerable.call(foo, "bar");
```
More incorrect examples
```js
foo.hasOwnProperty("bar");
foo.isPrototypeOf("bar");
foo.propertyIsEnumerable("bar");
foo.bar.baz.hasOwnProperty("bar");
```
More correct examples
```js
Object.prototype.hasOwnProperty.call(foo, 'bar');
Object.prototype.isPrototypeOf.call(foo, 'bar');
Object.prototype.propertyIsEnumerable.call(foo, 'bar');
Object.prototype.hasOwnProperty.apply(foo, ['bar']);
Object.prototype.isPrototypeOf.apply(foo, ['bar']);
Object.prototype.propertyIsEnumerable.apply(foo, ['bar']);
// Plain function calls are not flagged by the rule; these assume helpers
// with these names are defined in scope (for example, wrappers around the
// .call form above).
hasOwnProperty(foo, 'bar');
isPrototypeOf(foo, 'bar');
propertyIsEnumerable(foo, 'bar');
// An object literal always has Object.prototype, so borrowing from it works too.
({}.hasOwnProperty.call(foo, 'bar'));
({}.isPrototypeOf.call(foo, 'bar'));
({}.propertyIsEnumerable.call(foo, 'bar'));
({}.hasOwnProperty.apply(foo, ['bar']));
({}.isPrototypeOf.apply(foo, ['bar']));
({}.propertyIsEnumerable.apply(foo, ['bar']));
```