paritytech/asset-transfer-api

Avoid using console in code that runs on browser

Closed this issue · 0 comments

Usually, console methods are only used for debugging, and can leak internal info to the client. Removing the console call will fix this issue.

BAD PRACTICE
if (!secure(data)) {
console.log("data is not secure", data) // data is visible to the client
}

console.table(tableObj)
RECOMMENDED
if (!secure(data)) {
// alter the DOM to inform the user that data is insecure.
}

console.table(tableObj) // skipcq: JS-0002 Easter egg. Users are meant

Avoid using console in code that runs on the browser
examples/localLpToken.ts

		}
	);

	console.log(
		`${PURPLE}The following call data that is returned:\n${GREEN}${JSON.stringify(
			callInfo,
			null,
			4
		)}`
	);
} catch (e) {
	console.error(e);
	throw Error(e as string);

Avoid using console in code that runs on the browser
examples/localLpToken.ts

}

const decoded = assetApi.decodeExtrinsic(callInfo.tx, 'call');
console.log(
	`\n${PURPLE}The following decoded tx:\n${GREEN} ${JSON.stringify(
		JSON.parse(decoded),
		null,
		4
	)}${RESET}`
);

};

main().finally(() => process.exit());
Avoid using console in code that runs on the browser
examples/paraToSystemParachainPrimaryNative.ts

		}
	);

	console.log(
		`${PURPLE}The following call data that is returned:\n${GREEN}${JSON.stringify(
			callInfo,
			null,
			4
		)}`
	);
} catch (e) {
	console.error(e);
	throw Error(e as string);

Avoid using console in code that runs on the browser
examples/paraToSystemParachainPrimaryNative.ts

}

const decoded = assetApi.decodeExtrinsic(callInfo.tx, 'call');
console.log(
	`\n${PURPLE}The following decoded tx:\n${GREEN} ${JSON.stringify(
		JSON.parse(decoded),
		null,
		4
	)}${RESET}`
);

};

main().finally(() => process.exit());
Avoid using console in code that runs on the browser
examples/paraToSystemTransferMultiAsset.ts

		}
	);

	console.log(
		`${PURPLE}The following call data that is returned:\n${GREEN}${JSON.stringify(
			callInfo,
			null,
			4
		)}`
	);
} catch (e) {
	console.error(e);
	throw Error(e as string);

1
2
3
4
7