eslint-plugin-no-wildcard-postmessage
Advanced tools
eslint-plugin-no-wildcard-postmessage - npm Package Compare versions
Comparing version
@@ -1,2 +0,1 @@ | ||
| /* global module, require */ | ||
| module.exports = { | ||
@@ -3,0 +2,0 @@ rules: { |
@@ -1,5 +0,6 @@ | ||
| /* global module */ | ||
| "use strict"; | ||
| /** | ||
| * @fileoverview Rule to flag wildcard targets in postMessage | ||
| * @author Frederik Braun | ||
| * @author eslint-plugin-no-wildcard-postmessage contributors | ||
| * @copyright 2015 Mozilla Corporation. All rights reserved. | ||
@@ -12,30 +13,42 @@ */ | ||
| module.exports = function (context) { | ||
| "use strict"; | ||
| return { | ||
| CallExpression: function (node) { | ||
| // postMessage and somewindow.postMessage | ||
| var funcName; | ||
| if (node.callee.name) { | ||
| funcName = node.callee.name; | ||
| } else if (node.callee.property && node.callee.property.name) { | ||
| funcName = node.callee.property.name; | ||
| } else { | ||
| // anonymous function | ||
| return; | ||
| } | ||
| if (funcName === "postMessage") { | ||
| if (node.arguments.length > 1) { | ||
| if ((node.arguments[1].type === "Literal") && | ||
| (node.arguments[1].value === "*")) { | ||
| context.report(node, "Using postMessage() with" + | ||
| " wildcard targets is not allowed."); | ||
| } | ||
| module.exports = { | ||
| meta: { | ||
| docs: { | ||
| description: "Flag Wildcard Targets in `postmessage`", | ||
| recommended: true | ||
| }, | ||
| fixable: null, | ||
| schema: [ | ||
| // fill in your rschema | ||
| ] | ||
| }, | ||
| create(context) { | ||
| //---------------------------------------------------------------------- | ||
| // Public | ||
| //---------------------------------------------------------------------- | ||
| return { | ||
| CallExpression(node) { | ||
| // postMessage and somewindow.postMessage | ||
| let funcName; | ||
| if (node.callee.name) { | ||
| funcName = node.callee.name; | ||
| } else if (node.callee.property && node.callee.property.name) { | ||
| funcName = node.callee.property.name; | ||
| } else { | ||
| // anonymous function | ||
| return; | ||
| } | ||
| if (funcName === "postMessage") { | ||
| const [, originNode] = node.arguments; | ||
| if (originNode && originNode.type === "Literal" && originNode.value === "*") { | ||
| context.report(node, "Using postMessage() with wildcard targets is not allowed."); | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }; | ||
| }; | ||
| } | ||
| }; |
| { | ||
| "name": "eslint-plugin-no-wildcard-postmessage", | ||
| "description": "custom ESLint rule to disallows calling postMessage to wildcard targets", | ||
| "version": "0.1.3", | ||
| "author": { | ||
| "name": "Frederik Braun" | ||
| }, | ||
| "version": "0.2.0", | ||
| "author": "eslint-plugin-no-wildcard-postmessage contributors", | ||
| "bugs": { | ||
@@ -12,7 +10,7 @@ "url": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues" | ||
| "devDependencies": { | ||
| "mocha": "^2.2.4" | ||
| "eslint": "^6.8.0", | ||
| "eslint-plugin-node": "^11.1.0", | ||
| "mocha": "^3.2.0" | ||
| }, | ||
| "dependencies": { | ||
| "eslint": "^1.4.1" | ||
| }, | ||
| "dependencies": {}, | ||
| "homepage": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/", | ||
@@ -32,6 +30,9 @@ "keywords": [ | ||
| }, | ||
| "scripts":{ | ||
| "test": "mocha tests/rules/", | ||
| "scripts": { | ||
| "test": "./node_modules/.bin/mocha tests/rules/", | ||
| "lint": "node_modules/.bin/eslint index.js lib/**/*.js tests/**/*.js" | ||
| }, | ||
| "engines": { | ||
| "node": ">= 10" | ||
| } | ||
| } |
@@ -1,5 +0,4 @@ | ||
| /* global require */ | ||
| /** | ||
| * @fileoverview Test for no-wildcard-postmessage.js rule | ||
| * @author Frederik Braun | ||
| * @author eslint-plugin-no-wildcard-postmessage contributors | ||
| * @copyright 2015 Mozilla Corporation. All rights reserved | ||
@@ -12,4 +11,4 @@ */ | ||
| var rule = require("../../lib/rules/no-wildcard-postmessage.js"); | ||
| var RuleTester = require("eslint").RuleTester; | ||
| const rule = require("../../lib/rules/no-wildcard-postmessage.js"); | ||
| const { RuleTester } = require("eslint"); | ||
@@ -20,27 +19,10 @@ //------------------------------------------------------------------------------ | ||
| var eslintTester = new RuleTester(); | ||
| const eslintTester = new RuleTester(); | ||
| var features = { templateStrings: true, spread: true }; | ||
| eslintTester.run("no-wildcard-postmessage", rule, { | ||
| valid: [ | ||
| { | ||
| code: "postMessage(obj);", | ||
| ecmaFeatures: features | ||
| }, | ||
| { | ||
| code: "frame.postMessage(obj, 'http://domain.tld');", | ||
| ecmaFeatures: features | ||
| }, | ||
| { | ||
| code: "frame.postMessage(obj, 'http://domain.tld');", | ||
| ecmaFeatures: features | ||
| }, | ||
| { // iife | ||
| code: "(function() {})()", | ||
| ecmaFeatures: features | ||
| } | ||
| "postMessage(obj);", | ||
| "frame.postMessage(obj, 'http://domain.tld');", | ||
| "frame.postMessage(obj, 'http://domain.tld');", | ||
| "(function() {})()", | ||
| ], | ||
@@ -56,13 +38,4 @@ | ||
| }], | ||
| ecmaFeatures: features | ||
| }, | ||
| { | ||
| code: "postMessage(obj, '*');", | ||
| errors: [{ | ||
| message: "Using postMessage() with wildcard targets is not allowed.", | ||
| type: "CallExpression" | ||
| }], | ||
| ecmaFeatures: features | ||
| }, | ||
| { | ||
| code: "win.postMessage(obj, '*');", | ||
@@ -73,5 +46,4 @@ errors: [{ | ||
| }], | ||
| ecmaFeatures: features | ||
| } | ||
| ] | ||
| }); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Improved metrics
- Total package byte prevSize
23333
3.67%- Dependency count
0
-100%Worsened metrics
- Dev dependency count
3
200%- Lines of code
90
-15.09%Dependency changes
- Removed
eslint@^1.4.1- Removed
ansi-escapes@1.4.0(transitive)- Removed
ansi-regex@2.1.1(transitive)- Removed
ansi-styles@2.2.1(transitive)- Removed
argparse@1.0.10(transitive)- Removed
balanced-match@1.0.2(transitive)- Removed
brace-expansion@1.1.11(transitive)- Removed
buffer-from@1.1.2(transitive)- Removed
call-bind@1.0.8(transitive)- Removed
call-bind-apply-helpers@1.0.2(transitive)- Removed
call-bound@1.0.4(transitive)- Removed
chalk@1.1.3(transitive)- Removed
circular-json@0.3.3(transitive)- Removed
cli-cursor@1.0.2(transitive)- Removed
cli-width@1.1.1(transitive)- Removed
code-point-at@1.1.0(transitive)- Removed
concat-map@0.0.1(transitive)- Removed
concat-stream@1.6.2(transitive)- Removed
core-util-is@1.0.3(transitive)- Removed
d@1.0.2(transitive)- Removed
debug@2.6.9(transitive)- Removed
deep-is@0.1.4(transitive)- Removed
define-data-property@1.1.4(transitive)- Removed
doctrine@0.7.2(transitive)- Removed
dunder-proto@1.0.1(transitive)- Removed
es-define-property@1.0.1(transitive)- Removed
es-errors@1.3.0(transitive)- Removed
es-object-atoms@1.1.1(transitive)- Removed
es5-ext@0.10.64(transitive)- Removed
es6-iterator@2.0.3(transitive)- Removed
es6-map@0.1.5(transitive)- Removed
es6-set@0.1.6(transitive)- Removed
es6-symbol@3.1.4(transitive)- Removed
es6-weak-map@2.0.3(transitive)- Removed
escape-string-regexp@1.0.5(transitive)- Removed
escope@3.6.0(transitive)- Removed
eslint@1.10.3(transitive)- Removed
esniff@2.0.1(transitive)- Removed
espree@2.2.5(transitive)- Removed
esprima@2.7.3(transitive)- Removed
esrecurse@4.3.0(transitive)- Removed
estraverse@4.3.05.3.0(transitive)- Removed
estraverse-fb@1.3.2(transitive)- Removed
esutils@1.1.62.0.3(transitive)- Removed
event-emitter@0.3.5(transitive)- Removed
exit-hook@1.1.1(transitive)- Removed
ext@1.7.0(transitive)- Removed
fast-levenshtein@1.0.7(transitive)- Removed
figures@1.7.0(transitive)- Removed
file-entry-cache@1.3.1(transitive)- Removed
flat-cache@1.3.4(transitive)- Removed
fs.realpath@1.0.0(transitive)- Removed
function-bind@1.1.2(transitive)- Removed
generate-function@2.3.1(transitive)- Removed
generate-object-property@1.2.0(transitive)- Removed
get-intrinsic@1.3.0(transitive)- Removed
get-proto@1.0.1(transitive)- Removed
glob@5.0.157.2.3(transitive)- Removed
globals@8.18.0(transitive)- Removed
gopd@1.2.0(transitive)- Removed
graceful-fs@4.2.11(transitive)- Removed
handlebars@4.7.8(transitive)- Removed
has-ansi@2.0.0(transitive)- Removed
has-property-descriptors@1.0.2(transitive)- Removed
has-symbols@1.1.0(transitive)- Removed
hasown@2.0.2(transitive)- Removed
inflight@1.0.6(transitive)- Removed
inherits@2.0.4(transitive)- Removed
inquirer@0.11.4(transitive)- Removed
is-fullwidth-code-point@1.0.0(transitive)- Removed
is-my-ip-valid@1.0.1(transitive)- Removed
is-my-json-valid@2.20.6(transitive)- Removed
is-property@1.0.2(transitive)- Removed
is-resolvable@1.1.0(transitive)- Removed
isarray@0.0.11.0.02.0.5(transitive)- Removed
js-yaml@3.4.5(transitive)- Removed
json-stable-stringify@1.3.0(transitive)- Removed
jsonify@0.0.1(transitive)- Removed
jsonpointer@5.0.1(transitive)- Removed
levn@0.2.5(transitive)- Removed
lodash@3.10.1(transitive)- Removed
lodash._arraycopy@3.0.0(transitive)- Removed
lodash._arrayeach@3.0.0(transitive)- Removed
lodash._arraymap@3.0.0(transitive)- Removed
lodash._baseassign@3.2.0(transitive)- Removed
lodash._baseclone@3.3.0(transitive)- Removed
lodash._basecopy@3.0.1(transitive)- Removed
lodash._basedifference@3.0.3(transitive)- Removed
lodash._baseflatten@3.1.4(transitive)- Removed
lodash._basefor@3.0.3(transitive)- Removed
lodash._baseindexof@3.1.0(transitive)- Removed
lodash._bindcallback@3.0.1(transitive)- Removed
lodash._cacheindexof@3.0.2(transitive)- Removed
lodash._createassigner@3.1.1(transitive)- Removed
lodash._createcache@3.1.2(transitive)- Removed
lodash._getnative@3.9.1(transitive)- Removed
lodash._isiterateecall@3.0.9(transitive)- Removed
lodash._pickbyarray@3.0.2(transitive)- Removed
lodash._pickbycallback@3.0.0(transitive)- Removed
lodash.clonedeep@3.0.2(transitive)- Removed
lodash.isarguments@3.1.0(transitive)- Removed
lodash.isarray@3.0.4(transitive)- Removed
lodash.isplainobject@3.2.0(transitive)- Removed
lodash.istypedarray@3.0.6(transitive)- Removed
lodash.keys@3.1.2(transitive)- Removed
lodash.keysin@3.0.8(transitive)- Removed
lodash.merge@3.3.2(transitive)- Removed
lodash.omit@3.1.0(transitive)- Removed
lodash.restparam@3.6.1(transitive)- Removed
lodash.toplainobject@3.0.0(transitive)- Removed
math-intrinsics@1.1.0(transitive)- Removed
minimatch@3.1.2(transitive)- Removed
minimist@1.2.8(transitive)- Removed
mkdirp@0.5.6(transitive)- Removed
ms@2.0.0(transitive)- Removed
mute-stream@0.0.5(transitive)- Removed
neo-async@2.6.2(transitive)- Removed
next-tick@1.1.0(transitive)- Removed
number-is-nan@1.0.1(transitive)- Removed
object-assign@4.1.1(transitive)- Removed
object-keys@1.1.1(transitive)- Removed
once@1.4.0(transitive)- Removed
onetime@1.1.0(transitive)- Removed
optionator@0.6.0(transitive)- Removed
os-homedir@1.0.2(transitive)- Removed
path-is-absolute@1.0.1(transitive)- Removed
path-is-inside@1.0.2(transitive)- Removed
prelude-ls@1.1.2(transitive)- Removed
process-nextick-args@2.0.1(transitive)- Removed
readable-stream@2.3.8(transitive)- Removed
readline2@1.0.1(transitive)- Removed
restore-cursor@1.0.1(transitive)- Removed
rimraf@2.6.3(transitive)- Removed
run-async@0.1.0(transitive)- Removed
rx-lite@3.1.2(transitive)- Removed
safe-buffer@5.1.2(transitive)- Removed
set-function-length@1.2.2(transitive)- Removed
shelljs@0.5.3(transitive)- Removed
source-map@0.6.1(transitive)- Removed
sprintf-js@1.0.3(transitive)- Removed
string-width@1.0.2(transitive)- Removed
string_decoder@1.1.1(transitive)- Removed
strip-ansi@3.0.1(transitive)- Removed
strip-json-comments@1.0.4(transitive)- Removed
supports-color@2.0.0(transitive)- Removed
text-table@0.2.0(transitive)- Removed
through@2.3.8(transitive)- Removed
type@2.7.3(transitive)- Removed
type-check@0.3.2(transitive)- Removed
typedarray@0.0.6(transitive)- Removed
uglify-js@3.19.3(transitive)- Removed
user-home@2.0.0(transitive)- Removed
util-deprecate@1.0.2(transitive)- Removed
wordwrap@0.0.31.0.0(transitive)- Removed
wrappy@1.0.2(transitive)- Removed
write@0.2.1(transitive)- Removed
xml-escape@1.0.0(transitive)- Removed
xtend@4.0.2(transitive)