Lorenzo Stella
This is an important feature that we're still missing. A few days ago @baltpeter tried to address this in #66, but since we are expecting a constant increase in complexity...
Thanks to @baltpeter (#66, #67) Electronegativity is getting smarter! 🎉 Things we still need to do before pushing a new version: - [ ] Add some more tests https://github.com/doyensec/electronegativity/pull/66#discussion_r447819048 -...
Hello Mitch! I added to the `LIMIT_NAVIGATION_JS_CHECK` check the support for `setWindowOpenHandler`. The change is live from [v1.9.1](https://github.com/doyensec/electronegativity/releases/tag/v1.9.1). Let me know if it works for you. About your question, the...
Hello @xntrik and thank you for your feedback! You were right about the need for an eslint-like annotation system, so we pushed it on d41c8c3ab7fdc908b5e78aa4f2c7a58638e3dd28. For now we only introduced...
I'll leave this issue open for some time in case someone has any feedback on d41c8c3ab7fdc908b5e78aa4f2c7a58638e3dd28 or 1497db664c9468bc244d37cfec38a1c792731a2c.
Hello @randallmorey! In the latest tag ([v1.8.1](https://github.com/doyensec/electronegativity/releases/tag/v1.8.1) and above) you should be able to exclude those checks via CLI arguments (`-x LimitNavigationJsCheck,PermissionRequestHandlerJsCheck,CSPJsCheck`). Nonetheless, since I recently received similar feedback from...
I added to the `nodeIntegration` check a first consideration for unary expressions such as `!0` || `!1`. However this would still not cover more complicated cases such as `!!0` ||...
> The proposed _lazy_ solution seems reasonable to me. The only way I can see us supporting such cases without using eval or the constructor function is by writing a...
Hello and thanks for reporting this! Electronegativity was designed to be a command-line tool for auditors, which only later was adapted to be optionally used as a library. The documentation...
How come this is still unfixed? :(