ember-template-lint
Advanced tools
Comparing version 0.5.15 to 0.5.16
@@ -12,4 +12,6 @@ 'use strict'; | ||
'nested-interactive': require('./lint-nested-interactive'), | ||
'inline-link-to': require('./lint-inline-link-to'), | ||
'deprecated-each-syntax': require('./deprecations/lint-deprecated-each-syntax'), | ||
'invalid-interactive': require('./lint-invalid-interactive') | ||
'invalid-interactive': require('./lint-invalid-interactive'), | ||
'style-concatenation': require('./lint-style-concatenation') | ||
}; |
@@ -68,3 +68,3 @@ 'use strict'; | ||
case 'TextNode': | ||
return relAttribute.value.chars === 'noopener'; | ||
return relAttribute.value.chars.indexOf('noopener') !== -1; | ||
default: | ||
@@ -71,0 +71,0 @@ return false; |
{ | ||
"name": "ember-template-lint", | ||
"version": "0.5.15", | ||
"version": "0.5.16", | ||
"description": "Lint your templates.", | ||
@@ -26,3 +26,3 @@ "scripts": { | ||
"loader.js": "^4.0.1", | ||
"mocha": "^2.4.5", | ||
"mocha": "^3.0.0", | ||
"mocha-eslint": "^2.0.2", | ||
@@ -29,0 +29,0 @@ "mocha-only-detector": "^0.1.0", |
@@ -28,2 +28,23 @@ # ember-template-lint | ||
## Usage | ||
Run templates through the linter's `verify` method like so: | ||
```js | ||
var TemplateLinter = require('ember-template-lint'); | ||
var linter = new TemplateLinter(); | ||
var template = fs.readFileSync('some/path/to/template.hbs', { encoding: 'utf8' }); | ||
var results = linter.verify(template); | ||
``` | ||
`results` will be an array of objects which have the following properties: | ||
* `rule` - The name of the rule that triggered this warning/error. | ||
* `message` - The message that should be output. | ||
* `line` - The line on which the error occurred. | ||
* `column` - The column on which the error occurred. | ||
* `moduleId` - The module path for the file containing the error. | ||
* `source` - The source that caused the error. | ||
* `fix` - An object describing how to fix the error. | ||
## Configuration | ||
@@ -300,2 +321,48 @@ | ||
#### inline-link-to | ||
Ember's `link-to` component has both an inline form and a block form. This rule forbids the inline form. | ||
Forbidden (inline form): | ||
```hbs | ||
{{link-to 'Link text' 'routeName' prop1 prop2}} | ||
``` | ||
Allowed (block form): | ||
```hbs | ||
{{#link-to 'routeName' prop1 prop2}}Link text{{/link-to}} | ||
``` | ||
The block form is a little longer but has advantages over the inline form: | ||
* It maps closer to the use of HTML anchor tags which wrap their inner content. | ||
* It provides an obvious way for developers to put nested markup and components inside of their link. | ||
* The block form's argument order is more direct: "link to route". The inline form's argument order is somewhat ambiguous (link text then link target). This is opposite of the order in HTML (`href` then link text). | ||
This rule is configured with one boolean value: | ||
* boolean -- `true` for enabled / `false` for disabled | ||
#### style-concatentation | ||
Ember has a runtime warning that says "Binding style attributes may introduce cross-site scripting vulnerabilities." It can only be avoided by always marking the bound value with `Ember.String.htmlSafe`. While we can't detect statically if you're always providing a safe string, we can detect cases common where it's impossible that you're doing so. For example, | ||
```hbs | ||
<div style="background-style: url({{url}})"> | ||
``` | ||
is never safe because the implied string concatentation does not propagate `htmlSafe`. Any use of quotes is therefore forbidden. This is forbidden: | ||
```hbs | ||
<div style="{{make-background url}}"> | ||
``` | ||
whereas this is allowed: | ||
```hbs | ||
<div style={{make-background url}}> | ||
``` | ||
### Deprecations | ||
@@ -311,3 +378,3 @@ | ||
```hbs | ||
{{{#each post in posts}}} | ||
{{#each post in posts}} | ||
<li>{{post.name}}</li> | ||
@@ -314,0 +381,0 @@ {{/each}} |
@@ -13,3 +13,4 @@ 'use strict'; | ||
'<a href="/some/where" target="_self"></a>', | ||
'<a href="/some/where" target="_blank" rel="noopener"></a>' | ||
'<a href="/some/where" target="_blank" rel="noopener"></a>', | ||
'<a href="/some/where" target="_blank" rel="noopener noreferrer"></a>' | ||
], | ||
@@ -16,0 +17,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
133828
60
3670
408