nativeCall
Call whitelisted native JavaScript methods on strings or objects
Usage
The nativeCall function allows calling specific whitelisted native JavaScript methods on strings or getting property counts for objects.
Syntax
{input | nativeCall:methodName}
Parameters
- input (string or object): The value to operate on
- methodName (string): The whitelisted method to call
Whitelisted Methods
String Methods
- toUpperCase: Convert string to uppercase
- toLowerCase: Convert string to lowercase
- trim: Remove whitespace from both ends
- replace: Replace text in string (Note: requires additional parameters in actual implementation)
Object Methods
- getPropertyCount: Returns the number of properties in an object
Returns
- The result of the method call
- Throws an error if the method is not whitelisted or does not exist for the input type
Examples
Convert to uppercase
{"hello world" | nativeCall:"toUpperCase"}
// Returns: "HELLO WORLD"
Convert to lowercase
{"HELLO WORLD" | nativeCall:"toLowerCase"}
// Returns: "hello world"
Trim whitespace
{" spaced text " | nativeCall:"trim"}
// Returns: "spaced text"
Count object properties
{{"name": "John", "age": 30, "city": "NYC"} | nativeCall:"getPropertyCount"}
// Returns: 3
With vulnerability names
{vulnerability.title | nativeCall:"toUpperCase"}
// Returns vulnerability title in uppercase
Error Cases
Non-whitelisted method
{"text" | nativeCall:"substring"}
// Throws: Error - Method substring is not allowed
Invalid method for type
{123 | nativeCall:"toUpperCase"}
// Throws: Error - Method toUpperCase does not exist for the input type
Use Cases
- Text formatting in reports
- Case conversion for standardization
- Cleaning user input data
- Counting properties for statistics
- Data normalization in templates
Security Note
This function uses a whitelist to prevent arbitrary code execution. Only the listed methods are allowed.
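A minimal sketch of how such a whitelist can be enforced, added here as an example and not the product's own implementation. The function body, the lookup tables and the `describe` helper are assumptions; `replace` is left out because this page does not document its parameters.

```javascript
// Added illustration: a hypothetical allowlist dispatcher, not the product's code.
// Null-prototype tables hold only the names put there, so inherited names such as
// "constructor" or "__proto__" can never resolve to a callable.
const STRING_METHODS = Object.assign(Object.create(null), {
  toUpperCase: (s) => s.toUpperCase(),
  toLowerCase: (s) => s.toLowerCase(),
  trim: (s) => s.trim(),
});
const OBJECT_METHODS = Object.assign(Object.create(null), {
  getPropertyCount: (o) => Object.keys(o).length,
});

function nativeCall(input, methodName) {
  const name = String(methodName);
  // Step 1: the name must be on the allowlist, whatever the input is.
  if (!(name in STRING_METHODS) && !(name in OBJECT_METHODS)) {
    throw new Error(`Method ${name} is not allowed`);
  }
  // Step 2: pick the table for the input type; the input's own properties are never consulted.
  let table = null;
  if (typeof input === "string") table = STRING_METHODS;
  else if (input !== null && typeof input === "object") table = OBJECT_METHODS;
  const fn = table ? table[name] : undefined;
  if (typeof fn !== "function") {
    throw new Error(`Method ${name} does not exist for the input type`);
  }
  return fn(input);
}

// Hypothetical helper: returns the result, or the error text in the page's format.
function describe(input, methodName) {
  try { return nativeCall(input, methodName); }
  catch (e) { return `Error - ${e.message}`; }
}

// Constructed sample inputs, including names and values a template author might pass by mistake.
const samples = [
  [" spaced text ", "trim"],
  [{ name: "John", age: 30, city: "NYC" }, "getPropertyCount"],
  ["text", "substring"],
  ["text", "constructor"],
  [{ toUpperCase: () => "spoofed" }, "toUpperCase"],
  [123, "toUpperCase"],
];
for (const [input, method] of samples) console.log(method, "->", describe(input, method));
```

The dispatcher never evaluates `input[methodName]`, so a method name supplied by a template cannot reach anything outside the two tables.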