eslint-plugin-no-unsanitized
Comparing version 2.0.2 to 3.0.0
@@ -204,5 +204,5 @@ /** | ||
const ruleCheck = Object.assign({}, | ||
defaultRuleChecks[ruleCheckKey], | ||
parentRuleChecks, | ||
childRuleChecks[ruleCheckKey]); | ||
defaultRuleChecks[ruleCheckKey], | ||
parentRuleChecks, | ||
childRuleChecks[ruleCheckKey]); | ||
ruleCheckOutput[ruleCheckKey] = ruleCheck; | ||
@@ -209,0 +209,0 @@ }); |
@@ -23,2 +23,7 @@ /* global module */ | ||
// check first parameter to createContextualFragment() | ||
createContextualFragment: { | ||
properties: [0] | ||
}, | ||
// check first parameter to .write(), as long as the preceeding object matches the regex "document" | ||
@@ -68,2 +73,3 @@ write: { | ||
case "ThisExpression": | ||
case "NewExpression": | ||
break; | ||
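Review bot: The added `case "NewExpression":` shares a bare `break;` with `ThisExpression`, and nothing records why a `new X()` in this position is deliberately left unchecked, so a later reader may take it for an oversight rather than the intended handling of `new Function()();`. A one-line comment above the two cases would carry that, e.g. `// this / new X(): no static name to resolve, so there is nothing to look up (issue 73)`. Whether the switch dispatches on the callee itself or on its object is not visible here, and the enclosing switch starts and ends outside the hunk.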
@@ -81,3 +87,4 @@ | ||
description: "ESLint rule to disallow unsanitized method calls", | ||
category: "possible-errors" | ||
category: "possible-errors", | ||
url: "https://github.com/mozilla/eslint-plugin-no-unsanitized/tree/master/docs/rules/method.md" | ||
}, | ||
@@ -84,0 +91,0 @@ /* schema statement TBD until we have options |
@@ -31,3 +31,4 @@ /* global module */ | ||
description: "ESLint rule to disallow unsanitized property assignment", | ||
category: "possible-errors" | ||
category: "possible-errors", | ||
url: "https://github.com/mozilla/eslint-plugin-no-unsanitized/tree/master/docs/rules/property.md" | ||
}, | ||
@@ -34,0 +35,0 @@ /* schema statement TBD until we have options |
{ | ||
"name": "eslint-plugin-no-unsanitized", | ||
"description": "ESLint rule to disallow unsanitized code", | ||
"version": "2.0.2", | ||
"version": "3.0.0", | ||
"author": { | ||
@@ -12,6 +12,7 @@ "name": "Frederik Braun et al." | ||
"devDependencies": { | ||
"mocha": "^3.2.0" | ||
"mocha": "^3.2.0", | ||
"eslint": "^4.16.0" | ||
}, | ||
"dependencies": { | ||
"eslint": "^3.19.0" | ||
"peerDependencies": { | ||
"eslint": ">=3" | ||
}, | ||
@@ -18,0 +19,0 @@ "homepage": "https://github.com/mozilla/eslint-plugin-no-unsanitized/", |
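Review bot: The new `"peerDependencies": { "eslint": ">=3" }` has no upper bound, while the only version the plugin is exercised against is the `"eslint": "^4.16.0"` added under devDependencies, so the open range asserts compatibility with every future ESLint major whose rule and context APIs this code cannot have been written for. The dependency list further down the page appears to resolve that peer to a far newer eslint, which is consistent with the range being open. A bounded range such as `"eslint": ">=3 <5"` keeps 3.x support and makes each later major an explicit decision. Moving eslint out of `dependencies` is otherwise the right call, since it avoids a second ESLint copy in the consumer's tree.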
@@ -118,2 +118,33 @@ /* global require */ | ||
code: "function foo() { return this().bar(); };", | ||
}, | ||
// issue 73 https://github.com/mozilla/eslint-plugin-no-unsanitized/issues/73 | ||
{ | ||
code: "new Function()();", | ||
}, | ||
{ // issue 79 | ||
code: "range.createContextualFragment('<p class=\"greeting\">Hello!</p>');" | ||
}, | ||
{ // issue 79 | ||
code: "range.createContextualFragment(Sanitizer.escapeHTML`<em>${evil}</em>`);", | ||
parserOptions: { ecmaVersion: 6 }, | ||
options: [ | ||
{ | ||
escape: { | ||
methods: ["escaper"] | ||
} | ||
} | ||
] | ||
}, | ||
{ // issue 79 | ||
code: "range.createContextualFragment(escaper('<em>'+evil+'</em>'));", | ||
options: [ | ||
{ | ||
escape: { | ||
methods: ["escaper"] | ||
} | ||
} | ||
] | ||
} | ||
@@ -264,4 +295,15 @@ ], | ||
] | ||
}, | ||
// Issue 79: Warn for use of createContextualFragment | ||
{ | ||
code: "range.createContextualFragment(badness)", | ||
errors: [ | ||
{ | ||
message: "Unsafe call to range.createContextualFragment for argument 0", | ||
type: "CallExpression" | ||
} | ||
] | ||
} | ||
] | ||
}); |
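Review bot: The third added valid case (the `Sanitizer.escapeHTML` tagged template passed to `range.createContextualFragment`) declares `options: [{ escape: { methods: ["escaper"] } }]`, but no `escaper` call appears in that code, so the option does not influence the outcome; the case presumably passes because the tag is on the plugin's default tagged-template allowlist, which the test as written does not demonstrate. Either drop the `options` block so the case reads as a default-configuration test, or list the tag explicitly under `escape.taggedTemplates` so that what is being accepted is stated. The invalid case `range.createContextualFragment(badness)` pins both the message and the node type, which is good; a matching invalid case using a tag or escaper that is not on the allowlist would show that the allowlist is what gates acceptance.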
+ Added@eslint-community/eslint-utils@4.4.0(transitive)
+ Added@eslint-community/regexpp@4.11.1(transitive)
+ Added@eslint/config-array@0.18.0(transitive)
+ Added@eslint/core@0.6.0(transitive)
+ Added@eslint/eslintrc@3.1.0(transitive)
+ Added@eslint/js@9.12.0(transitive)
+ Added@eslint/object-schema@2.1.4(transitive)
+ Added@eslint/plugin-kit@0.2.0(transitive)
+ Added@humanfs/core@0.19.0(transitive)
+ Added@humanfs/node@0.16.5(transitive)
+ Added@humanwhocodes/module-importer@1.0.1(transitive)
+ Added@humanwhocodes/retry@0.3.1(transitive)
+ Added@types/estree@1.0.6(transitive)
+ Added@types/json-schema@7.0.15(transitive)
+ Addedacorn@8.12.1(transitive)
+ Addedacorn-jsx@5.3.2(transitive)
+ Addedajv@6.12.6(transitive)
+ Addedansi-styles@4.3.0(transitive)
+ Addedargparse@2.0.1(transitive)
+ Addedcallsites@3.1.0(transitive)
+ Addedchalk@4.1.2(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedcross-spawn@7.0.3(transitive)
+ Addeddebug@4.3.7(transitive)
+ Addedescape-string-regexp@4.0.0(transitive)
+ Addedeslint@9.12.0(transitive)
+ Addedeslint-scope@8.1.0(transitive)
+ Addedeslint-visitor-keys@3.4.34.1.0(transitive)
+ Addedespree@10.2.0(transitive)
+ Addedfast-deep-equal@3.1.3(transitive)
+ Addedfast-json-stable-stringify@2.1.0(transitive)
+ Addedfile-entry-cache@8.0.0(transitive)
+ Addedfind-up@5.0.0(transitive)
+ Addedflat-cache@4.0.1(transitive)
+ Addedflatted@3.3.1(transitive)
+ Addedglob-parent@6.0.2(transitive)
+ Addedglobals@14.0.0(transitive)
+ Addedhas-flag@4.0.0(transitive)
+ Addedignore@5.3.2(transitive)
+ Addedimport-fresh@3.3.0(transitive)
+ Addedis-extglob@2.1.1(transitive)
+ Addedis-glob@4.0.3(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedjs-yaml@4.1.0(transitive)
+ Addedjson-buffer@3.0.1(transitive)
+ Addedjson-schema-traverse@0.4.1(transitive)
+ Addedjson-stable-stringify-without-jsonify@1.0.1(transitive)
+ Addedkeyv@4.5.4(transitive)
+ Addedlevn@0.4.1(transitive)
+ Addedlocate-path@6.0.0(transitive)
+ Addedlodash.merge@4.6.2(transitive)
+ Addedms@2.1.3(transitive)
+ Addedoptionator@0.9.4(transitive)
+ Addedp-limit@3.1.0(transitive)
+ Addedp-locate@5.0.0(transitive)
+ Addedparent-module@1.0.1(transitive)
+ Addedpath-exists@4.0.0(transitive)
+ Addedpath-key@3.1.1(transitive)
+ Addedprelude-ls@1.2.1(transitive)
+ Addedpunycode@2.3.1(transitive)
+ Addedresolve-from@4.0.0(transitive)
+ Addedshebang-command@2.0.0(transitive)
+ Addedshebang-regex@3.0.0(transitive)
+ Addedstrip-json-comments@3.1.1(transitive)
+ Addedsupports-color@7.2.0(transitive)
+ Addedtype-check@0.4.0(transitive)
+ Addeduri-js@4.4.1(transitive)
+ Addedwhich@2.0.2(transitive)
+ Addedyocto-queue@0.1.0(transitive)
- Removedeslint@^3.19.0
- Removedacorn@3.3.05.7.4(transitive)
- Removedacorn-jsx@3.0.1(transitive)
- Removedajv@4.11.8(transitive)
- Removedajv-keywords@1.5.1(transitive)
- Removedansi-escapes@1.4.0(transitive)
- Removedansi-regex@2.1.13.0.1(transitive)
- Removedansi-styles@2.2.1(transitive)
- Removedargparse@1.0.10(transitive)
- Removedbabel-code-frame@6.26.0(transitive)
- Removedbuffer-from@1.1.2(transitive)
- Removedcall-bind@1.0.7(transitive)
- Removedcaller-path@0.1.0(transitive)
- Removedcallsites@0.2.0(transitive)
- Removedchalk@1.1.3(transitive)
- Removedcircular-json@0.3.3(transitive)
- Removedcli-cursor@1.0.2(transitive)
- Removedcli-width@2.2.1(transitive)
- Removedco@4.6.0(transitive)
- Removedcode-point-at@1.1.0(transitive)
- Removedconcat-stream@1.6.2(transitive)
- Removedcore-util-is@1.0.3(transitive)
- Removedd@1.0.2(transitive)
- Removeddebug@2.6.9(transitive)
- Removeddefine-data-property@1.1.4(transitive)
- Removeddoctrine@2.1.0(transitive)
- Removedes-define-property@1.0.0(transitive)
- Removedes-errors@1.3.0(transitive)
- Removedes5-ext@0.10.64(transitive)
- Removedes6-iterator@2.0.3(transitive)
- Removedes6-map@0.1.5(transitive)
- Removedes6-set@0.1.6(transitive)
- Removedes6-symbol@3.1.4(transitive)
- Removedes6-weak-map@2.0.3(transitive)
- Removedescape-string-regexp@1.0.5(transitive)
- Removedescope@3.6.0(transitive)
- Removedeslint@3.19.0(transitive)
- Removedesniff@2.0.1(transitive)
- Removedespree@3.5.4(transitive)
- Removedesprima@4.0.1(transitive)
- Removedestraverse@4.3.0(transitive)
- Removedevent-emitter@0.3.5(transitive)
- Removedexit-hook@1.1.1(transitive)
- Removedext@1.7.0(transitive)
- Removedfigures@1.7.0(transitive)
- Removedfile-entry-cache@2.0.0(transitive)
- Removedflat-cache@1.3.4(transitive)
- Removedfs.realpath@1.0.0(transitive)
- Removedfunction-bind@1.1.2(transitive)
- Removedgenerate-function@2.3.1(transitive)
- Removedgenerate-object-property@1.2.0(transitive)
- Removedget-intrinsic@1.2.4(transitive)
- Removedglob@7.2.3(transitive)
- Removedglobals@9.18.0(transitive)
- Removedgopd@1.0.1(transitive)
- Removedgraceful-fs@4.2.11(transitive)
- Removedhas-ansi@2.0.0(transitive)
- Removedhas-property-descriptors@1.0.2(transitive)
- Removedhas-proto@1.0.3(transitive)
- Removedhas-symbols@1.0.3(transitive)
- Removedhasown@2.0.2(transitive)
- Removedignore@3.3.10(transitive)
- Removedinflight@1.0.6(transitive)
- Removedinherits@2.0.4(transitive)
- Removedinquirer@0.12.0(transitive)
- Removedinterpret@1.4.0(transitive)
- Removedis-core-module@2.15.1(transitive)
- Removedis-fullwidth-code-point@1.0.02.0.0(transitive)
- Removedis-my-ip-valid@1.0.1(transitive)
- Removedis-my-json-valid@2.20.6(transitive)
- Removedis-property@1.0.2(transitive)
- Removedis-resolvable@1.1.0(transitive)
- Removedisarray@1.0.02.0.5(transitive)
- Removedjs-tokens@3.0.2(transitive)
- Removedjs-yaml@3.14.1(transitive)
- Removedjson-stable-stringify@1.1.1(transitive)
- Removedjsonify@0.0.1(transitive)
- Removedjsonpointer@5.0.1(transitive)
- Removedlevn@0.3.0(transitive)
- Removedlodash@4.17.21(transitive)
- Removedminimist@1.2.8(transitive)
- Removedmkdirp@0.5.6(transitive)
- Removedms@2.0.0(transitive)
- Removedmute-stream@0.0.5(transitive)
- Removednext-tick@1.1.0(transitive)
- Removednumber-is-nan@1.0.1(transitive)
- Removedobject-assign@4.1.1(transitive)
- Removedobject-keys@1.1.1(transitive)
- Removedonce@1.4.0(transitive)
- Removedonetime@1.1.0(transitive)
- Removedoptionator@0.8.3(transitive)
- Removedos-homedir@1.0.2(transitive)
- Removedpath-is-absolute@1.0.1(transitive)
- Removedpath-is-inside@1.0.2(transitive)
- Removedpath-parse@1.0.7(transitive)
- Removedpluralize@1.2.1(transitive)
- Removedprelude-ls@1.1.2(transitive)
- Removedprocess-nextick-args@2.0.1(transitive)
- Removedprogress@1.1.8(transitive)
- Removedreadable-stream@2.3.8(transitive)
- Removedreadline2@1.0.1(transitive)
- Removedrechoir@0.6.2(transitive)
- Removedrequire-uncached@1.0.3(transitive)
- Removedresolve@1.22.8(transitive)
- Removedresolve-from@1.0.1(transitive)
- Removedrestore-cursor@1.0.1(transitive)
- Removedrimraf@2.6.3(transitive)
- Removedrun-async@0.1.0(transitive)
- Removedrx-lite@3.1.2(transitive)
- Removedsafe-buffer@5.1.2(transitive)
- Removedset-function-length@1.2.2(transitive)
- Removedshelljs@0.7.8(transitive)
- Removedslice-ansi@0.0.4(transitive)
- Removedsprintf-js@1.0.3(transitive)
- Removedstring-width@1.0.22.1.1(transitive)
- Removedstring_decoder@1.1.1(transitive)
- Removedstrip-ansi@3.0.14.0.0(transitive)
- Removedstrip-bom@3.0.0(transitive)
- Removedstrip-json-comments@2.0.1(transitive)
- Removedsupports-color@2.0.0(transitive)
- Removedsupports-preserve-symlinks-flag@1.0.0(transitive)
- Removedtable@3.8.3(transitive)
- Removedthrough@2.3.8(transitive)
- Removedtype@2.7.3(transitive)
- Removedtype-check@0.3.2(transitive)
- Removedtypedarray@0.0.6(transitive)
- Removeduser-home@2.0.0(transitive)
- Removedutil-deprecate@1.0.2(transitive)
- Removedwrappy@1.0.2(transitive)
- Removedwrite@0.2.1(transitive)
- Removedxtend@4.0.2(transitive)