JavaScript - Avoid use of debugger statements - Catalog UI Policy script

Impact area

Security

Severity

High

Affected element

Catalog UI Policy

Rule number

SN-0363

Impact

The debugger statement can be placed anywhere in a procedure to suspend execution. Using the debugger statement is similar to setting a breakpoint in the code. Such statements must be removed from the source code to prevent unexpected behavior or added vulnerability to attacks in production.

Remediation

Remove all debugger statements from your code.

Time to fix

10 min

References

This rule is linked to Common Weakness Enumeration CWE-489 Leftover Debug Code.

Code examples

Noncompliant code

for (var i = 1; i < 6; i++) {
    // Print i to the Output window.
    Debug.write("current loop index is " + i);
    // Wait for user to resume.
    debugger;
}

Compliant code

for (var i = 1; i < 6; i++) {
    // Print i to the Output window.
    Debug.write("current loop index is " + i);
}
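
Pre-deployment check (added example, not part of the original rule page or of the rule's own implementation): a small scanner that reports the line numbers of debugger statements in a script body while ignoring the word inside comments and string literals. The function name findDebuggerStatements and the sample script are hypothetical.

```javascript
// Added example: report line numbers of debugger statements in a script body.
// Comments and string literals are skipped so "debugger" inside them is not flagged.
// Assumption: regex literals and ${...} inside template strings are not parsed.
function findDebuggerStatements(source) {
  const hits = [];
  const isIdChar = (c) => c !== undefined && /[A-Za-z0-9_$]/.test(c);
  let line = 1, i = 0;
  while (i < source.length) {
    const c = source[i];
    if (c === "\n") { line++; i++; continue; }
    if (c === "/" && source[i + 1] === "/") { // line comment: skip to end of line
      while (i < source.length && source[i] !== "\n") i++;
      continue;
    }
    if (c === "/" && source[i + 1] === "*") { // block comment: skip to closing */
      i += 2;
      while (i < source.length && !(source[i] === "*" && source[i + 1] === "/")) {
        if (source[i] === "\n") line++;
        i++;
      }
      i += 2;
      continue;
    }
    if (c === '"' || c === "'" || c === "`") { // string literal: skip to closing quote
      i++;
      while (i < source.length && source[i] !== c) {
        if (source[i] === "\\") i++;           // step over the escaped character
        if (source[i] === "\n") line++;
        i++;
      }
      i++;
      continue;
    }
    // Whole-word match that is not a property access such as obj.debugger
    if (source.startsWith("debugger", i) && !isIdChar(source[i - 1]) &&
        !isIdChar(source[i + 8]) && source[i - 1] !== ".") {
      hits.push(line);
      i += 8;
      continue;
    }
    i++;
  }
  return hits;
}
// Constructed sample script: only line 4 holds a real debugger statement.
const SAMPLE = `for (var i = 1; i < 6; i++) {
    // debugger; inside a comment is ignored
    var msg = "debugger output " + i;
    debugger;
}`;
console.log(findDebuggerStatements(SAMPLE));
```

An empty result means the script contains no debugger statement outside comments and strings.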




Last modified on Mar 19, 2021