eslint-plugin-no-unsanitized
Comparing version 2.0.0 to 2.0.1
@@ -7,6 +7,6 @@ /* global module, require */ | ||
}, | ||
config: { | ||
configs: { | ||
DOM: { | ||
rules: { | ||
"property": [ | ||
"no-unsanitized/property": [ | ||
"error", | ||
@@ -24,3 +24,3 @@ { | ||
], | ||
"method": [ | ||
"no-unsanitized/method": [ | ||
"error", | ||
@@ -27,0 +27,0 @@ { |
@@ -114,3 +114,3 @@ /** | ||
methodName = node.property.name; | ||
objectName = node.object.name; | ||
objectName = node.object.name || this.context.getSource(node.object); | ||
break; | ||
@@ -171,3 +171,3 @@ case "ArrowFunctionExpression": | ||
// If we do have object filters and the call is a function then it should not be checked | ||
if ("objectName" in normalizedMethodCall) { | ||
if ("objectName" in normalizedMethodCall && normalizedMethodCall.objectName) { | ||
for (const objectMatch of objectMatches) { | ||
@@ -174,0 +174,0 @@ const match = new RegExp(objectMatch, "gi"); |
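Review bot: With the new fallback, `objectName` can hold the raw source text of an arbitrary expression (for example a call result) rather than an identifier name, and nothing at the assignment says so. The object filters are applied to that text through `new RegExp(objectMatch, "gi")`, so a pattern matches any substring of the expression, case-insensitively, unless the pattern itself is anchored. A comment at the assignment would help, e.g. `// objectName may be source text, not an identifier name; objectMatches patterns are tested against it as-is`. The added truthiness check also lets an empty `objectName` skip the object filter; whether such a call is then checked or ignored is decided outside the visible lines and should be stated in the comment above the `if`. Both enclosing functions start and end outside these hunks.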
@@ -40,2 +40,36 @@ /* global module */ | ||
/** | ||
* Run ruleHelper.checkMethod for all but irrelevant callees (FunctionExpression, etc.) | ||
* @param {Object} ruleHelper a RuleHelper instance | ||
* @param {Object} callExpr The CallExpression we triggered on | ||
* @param {Object} node The callee node | ||
* @returns {undefined} Does not return | ||
*/ | ||
function checkCallExpression(ruleHelper, callExpr, node) { | ||
switch(node.type) { | ||
case "Identifier": | ||
case "MemberExpression": | ||
if (callExpr.arguments.length > 0) { | ||
ruleHelper.checkMethod(callExpr, defaultRuleChecks); | ||
} | ||
break; | ||
case "AssignmentExpression": | ||
checkCallExpression(ruleHelper, callExpr, node.right); | ||
break; | ||
// those are fine: | ||
case "LogicalExpression": // Should we scan these? issue #62. | ||
case "ConditionalExpression": | ||
case "ArrowFunctionExpression": | ||
case "FunctionExpression": | ||
case "Super": | ||
case "CallExpression": | ||
break; | ||
// If we don't cater for this expression throw an error | ||
default: | ||
ruleHelper.reportUnsupported(node, "Unexpected Callee", "Unsupported Callee for CallExpression"); | ||
} | ||
} | ||
module.exports = { | ||
@@ -55,27 +89,6 @@ meta: { | ||
create(context) { | ||
const ruleHelper = new RuleHelper(context); | ||
return { | ||
CallExpression(node) { | ||
// this is for insertAdjacentHTML(position, markup) | ||
switch(node.callee.type) { | ||
case "Identifier": | ||
case "MemberExpression": | ||
if (node.arguments.length > 0) { | ||
ruleHelper.checkMethod(node, defaultRuleChecks); | ||
} | ||
break; | ||
// those are fine: | ||
case "ArrowFunctionExpression": | ||
break; | ||
case "FunctionExpression": | ||
break; | ||
case "Super": | ||
break; | ||
// If we don't cater for this expression throw an error | ||
default: | ||
context.reportUnsupported(node, "Unexpected Callee", "Unsupported Callee for CallExpression"); | ||
} | ||
const ruleHelper = new RuleHelper(context); | ||
checkCallExpression(ruleHelper, node, node.callee); | ||
} | ||
@@ -82,0 +95,0 @@ }; |
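Review bot: The `// those are fine:` group in `checkCallExpression` now also covers `LogicalExpression` and `ConditionalExpression` callees, which are not harmless the way a function expression is. A call whose callee selects between two sinks is passed without a report, so the rule has a detection gap there. If scanning them is deferred to issue #62, the comment should say so, e.g. `// not scanned yet (known false negatives, see issue #62):`. The fuller fix would examine `node.consequent`/`node.alternate` and `node.left`/`node.right`, the way the `AssignmentExpression` case follows `node.right`. The recursion still hands the original `callExpr` to `checkMethod`, so whether a sink on the right-hand side of an assignment is resolved correctly depends on code outside this section.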
{ | ||
"name": "eslint-plugin-no-unsanitized", | ||
"description": "ESLint rule to disallow unsanitized code", | ||
"version": "2.0.0", | ||
"version": "2.0.1", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "Frederik Braun et al." |
@@ -53,3 +53,3 @@ [![Build Status](https://travis-ci.org/mozilla/eslint-plugin-no-unsanitized.svg?branch=master)](https://travis-ci.org/mozilla/eslint-plugin-no-unsanitized) | ||
"plugins": ["no-unsanitized"], | ||
"env": { | ||
"rules": { | ||
"no-unsanitized/method": "error", | ||
@@ -66,3 +66,3 @@ "no-unsanitized/property": "error" | ||
"plugins": ["no-unsanitized"], | ||
"env": { | ||
"rules": { | ||
"no-unsanitized/method": [ | ||
@@ -85,2 +85,5 @@ "error", | ||
{ | ||
escape: { | ||
taggedTemplates: ["safeHTML"] | ||
} | ||
}, | ||
@@ -87,0 +90,0 @@ { |
@@ -98,2 +98,17 @@ /* global require */ | ||
] | ||
}, | ||
// rule should not barf on a CallExpression result being called again | ||
{ | ||
code: " _tests.shift()();", | ||
}, | ||
{ | ||
code: "(Async.checkAppReady = function() { return true; })();" | ||
}, | ||
{ | ||
code: "let endTime = (mapEnd || (e => e.delta))(this._data[this._data.length - 1]);", | ||
parserOptions: { ecmaVersion: 6 } | ||
}, | ||
{ | ||
code: "(text.endsWith('\\n') ? document.write : document.writeln)(text)" | ||
} | ||
@@ -212,4 +227,15 @@ ], | ||
] | ||
}, | ||
// Test that stem from former parser errors and breakage | ||
{ | ||
code: "getDocument(myID).write(evil)", | ||
errors: [ | ||
{ | ||
message: "Unsafe call to getDocument(myID).write for argument 0", | ||
type: "CallExpression" | ||
} | ||
] | ||
} | ||
] | ||
}); |
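Review bot: The new `AssignmentExpression` branch is exercised only by the `Async.checkAppReady` case, whose right-hand side is a function expression, so the path that recurses into an `Identifier` or `MemberExpression` and reaches `checkMethod` has no test. A case with a member-expression right-hand side and an unsanitized argument would pin down what the rule reports there. The conditional-callee case that chooses between `document.write` and `document.writeln` carries no `errors` entry, which records a missed sink as expected behaviour. A comment above it such as `// FIXME: false negative, conditional callee is not scanned (issue #62)` would keep it from reading as safe code.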