🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-plugin-no-jquery
Advanced tools
eslint-plugin-no-jquery - npm Package Compare versions
Comparing version 3.0.1 to 3.0.2
| { | ||
| "name": "eslint-plugin-no-jquery", | ||
| "version": "3.0.1", | ||
| "version": "3.0.2", | ||
| "description": "Disallow jQuery functions with native equivalents.", | ||
@@ -5,0 +5,0 @@ "repository": { |
| 'use strict'; | ||
| const utils = require( '../utils.js' ); | ||
| const methods = [ 'append', 'prepend', 'before', 'after', 'replaceWith', 'add', 'appendTo', 'prependTo' ]; | ||
| // htmlStrings or jQuery collections | ||
| const htmlOrCollectionMethods = [ 'append', 'prepend', 'before', 'after', 'replaceWith' ]; | ||
| // htmlStrings, selectors or jQuery collections | ||
| const htmlOrSelectorOrCollectionMethods = [ 'add', 'appendTo', 'prependTo', 'insertBefore', 'insertAfter' ]; | ||
| const allMethods = htmlOrCollectionMethods.concat( htmlOrSelectorOrCollectionMethods ); | ||
@@ -25,3 +29,3 @@ function alljQueryOrEmpty( context, node ) { | ||
| docs: { | ||
| description: 'Disallows using ' + methods.map( utils.jQueryCollectionLink ).join( '/' ) + | ||
| description: 'Disallows using ' + allMethods.map( utils.jQueryCollectionLink ).join( '/' ) + | ||
| ' to inject HTML, in order to prevent possible XSS bugs.' | ||
@@ -36,3 +40,3 @@ }, | ||
| node.callee.type === 'MemberExpression' && | ||
| methods.includes( node.callee.property.name ) | ||
| allMethods.includes( node.callee.property.name ) | ||
| ) ) { | ||
@@ -44,2 +48,7 @@ return; | ||
| } | ||
| if ( htmlOrSelectorOrCollectionMethods.includes( node.callee.property.name ) ) { | ||
| if ( node.arguments.every( ( arg ) => !utils.isHtmlString( arg ) ) ) { | ||
| return; | ||
| } | ||
| } | ||
@@ -46,0 +55,0 @@ if ( utils.isjQuery( context, node.callee ) ) { |
@@ -5,4 +5,2 @@ 'use strict'; | ||
| // HTML regex (modified from jQuery) | ||
| const rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*)$/; | ||
| // Single tag regex (from jQuery) | ||
@@ -13,22 +11,2 @@ const rsingleTag = /^<([a-z][^/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i; | ||
| function allLiteral( node ) { | ||
| if ( node.type === 'BinaryExpression' ) { | ||
| return allLiteral( node.left ) && allLiteral( node.right ); | ||
| } else { | ||
| return node.type === 'Literal'; | ||
| } | ||
| } | ||
| function joinLiterals( node ) { | ||
| if ( node.type === 'BinaryExpression' ) { | ||
| return joinLiterals( node.left ) + joinLiterals( node.right ); | ||
| } | ||
| /* istanbul ignore else */ | ||
| if ( node.type === 'Literal' ) { | ||
| return node.value; | ||
| } | ||
| /* istanbul ignore next */ | ||
| throw new Error( 'Non-literal node passed to joinLiteral' ); | ||
| } | ||
| module.exports = { | ||
@@ -99,7 +77,6 @@ meta: { | ||
| if ( allowSingle ) { | ||
| const value = arg && allLiteral( arg ) && joinLiterals( arg ); | ||
| if ( !( typeof value === 'string' && value ) || !rquickExpr.exec( value ) ) { | ||
| // Empty or non-string, or non-HTML | ||
| if ( !utils.isHtmlString( arg ) ) { | ||
| return; | ||
| } | ||
| const value = utils.joinLiterals( arg ); | ||
| let match; | ||
@@ -128,3 +105,3 @@ if ( ( match = rsingleTag.exec( value ) ) ) { | ||
| } | ||
| } else if ( !( arg && allLiteral( arg ) ) ) { | ||
| } else if ( !( arg && utils.allLiteral( arg ) ) ) { | ||
| // Non literals passed to $.parseHTML | ||
@@ -131,0 +108,0 @@ return; |
@@ -5,15 +5,2 @@ 'use strict'; | ||
| function collectLiterals( node ) { | ||
| if ( node.type === 'BinaryExpression' ) { | ||
| return collectLiterals( node.left ) + collectLiterals( node.right ); | ||
| } else if ( node.type === 'Literal' ) { | ||
| return node.value; | ||
| } else if ( node.type === 'Identifier' ) { | ||
| // Dummy value for regex matching | ||
| return 'A0'; | ||
| } else { | ||
| return ''; | ||
| } | ||
| } | ||
| module.exports = { | ||
@@ -83,3 +70,3 @@ meta: { | ||
| context.options[ 0 ].allowOther; | ||
| const value = collectLiterals( node.arguments[ 0 ] ); | ||
| const value = utils.joinLiterals( node.arguments[ 0 ] ); | ||
@@ -86,0 +73,0 @@ if ( !allowPositional && forbiddenPositional.test( value ) ) { |
@@ -544,2 +544,31 @@ 'use strict'; | ||
| function allLiteral( node ) { | ||
| if ( node.type === 'BinaryExpression' ) { | ||
| return allLiteral( node.left ) && allLiteral( node.right ); | ||
| } else { | ||
| return node.type === 'Literal'; | ||
| } | ||
| } | ||
| function joinLiterals( node ) { | ||
| if ( node.type === 'BinaryExpression' ) { | ||
| return joinLiterals( node.left ) + joinLiterals( node.right ); | ||
| } else if ( node.type === 'Literal' ) { | ||
| return node.value; | ||
| } else if ( node.type === 'Identifier' ) { | ||
| // Dummy value for regex matching | ||
| return 'A0'; | ||
| } else { | ||
| return ''; | ||
| } | ||
| } | ||
| // HTML regex (modified from jQuery) | ||
| const rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*)$/; | ||
| function isHtmlString( arg ) { | ||
| const value = arg && allLiteral( arg ) && joinLiterals( arg ); | ||
| return typeof value === 'string' && value && rquickExpr.exec( value ); | ||
| } | ||
| module.exports = { | ||
@@ -556,3 +585,6 @@ isjQuery, | ||
| jQueryCollectionLink, | ||
| jQueryGlobalLink | ||
| jQueryGlobalLink, | ||
| allLiteral, | ||
| joinLiterals, | ||
| isHtmlString | ||
| }; |
No alert changes
Improved metrics
- Total package byte prevSize
92709
0.26%- Lines of code
2701
0.15%No dependency changes