Document jQuery.isEmptyObject doesn't take symbols into account

[XiaoY0324]

Description

On version 3.6.0, I found a vulnerability，I find that the method of detecting empty objects is not perfect.

isEmptyObject: function( obj ) {
  var name;

  for ( name in obj ) {
     return false;
   }
   return true;
},

The downside of writing this is that the properties of the prototype chain and the Symbol type are not taken into account，I have a better way to implement it as follows.

isEmptyObject: function( obj ) {
    var keys = Object.keys(obj);

    // 看浏览器是否支持 Symbol
    if (typeof Symbol !== "undefined") {
       keys = keys.concat(Object.getOwnPropertySymbols(obj));
    }
  
    return keys.length === 0;
}

Link to test case

This direct modification of the source code test is good, I do not have a service to run this test. I'm looking forward to hearing from you.

[mgol]

The docs for jQuery.isEmptyObject mention what is considered an empty object (emphasis mine):

Description: Check to see if an object is empty (contains no enumerable properties).

The description doesn't account for symbols as it was written long ago. That said, changing the existing behavior would be a breaking change and I think it's better to just update the docs here. I'll mark it for a team discussion.

BTW, what do you mean that you found a vulnerability? You explained a difference between your expectations and the library behavior, I don't see any security issue here.

[timmywil]

We'll make this an API issue and update the wording to mention Symbols and possibly "string keyed properties" like lodash.