nativeCall

Usage

The nativeCall function allows calling specific whitelisted native JavaScript methods on strings or getting property counts for objects.

Syntax

{input | nativeCall:methodName}

Parameters

• input (string or object): The value to operate on
• methodName (string): The whitelisted method to call

Whitelisted Methods

String Methods

• toUpperCase - Convert string to uppercase
• toLowerCase - Convert string to lowercase
• trim - Remove whitespace from both ends
• replace - Replace text in string (Note: requires additional parameters in actual implementation)

Object Methods

• getPropertyCount - Returns the number of properties in an object

Returns

• The result of the method call
• Throws error if method is not whitelisted or doesn’t exist for the input type

Examples

Convert to uppercase

{"hello world" | nativeCall:"toUpperCase"}
// Returns: "HELLO WORLD"

Convert to lowercase

{"HELLO WORLD" | nativeCall:"toLowerCase"}
// Returns: "hello world"

Trim whitespace

{"  spaced text  " | nativeCall:"trim"}
// Returns: "spaced text"

Count object properties

{{"name": "John", "age": 30, "city": "NYC"} | nativeCall:"getPropertyCount"}
// Returns: 3

With vulnerability names

{vulnerability.title | nativeCall:"toUpperCase"}
// Returns vulnerability title in uppercase

Error Cases

Non-whitelisted method

{"text" | nativeCall:"substring"}
// Throws: Error - Method substring is not allowed

Invalid method for type

{123 | nativeCall:"toUpperCase"}
// Throws: Error - Method toUpperCase does not exist for the input type

Use Cases

• Text formatting in reports
• Case conversion for standardization
• Cleaning user input data
• Counting properties for statistics
• Data normalization in templates

Security Note

This function uses a whitelist to prevent arbitrary code execution. Only the listed methods are allowed.