1 | /**
|
---|
2 | * @fileoverview Prevent usage of dangerous JSX props
|
---|
3 | * @author Scott Andrews
|
---|
4 | */
|
---|
5 |
|
---|
6 | 'use strict';
|
---|
7 |
|
---|
8 | const has = require('hasown');
|
---|
9 | const fromEntries = require('object.fromentries/polyfill')();
|
---|
10 | const minimatch = require('minimatch');
|
---|
11 |
|
---|
12 | const docsUrl = require('../util/docsUrl');
|
---|
13 | const jsxUtil = require('../util/jsx');
|
---|
14 | const report = require('../util/report');
|
---|
15 |
|
---|
16 | // ------------------------------------------------------------------------------
|
---|
17 | // Constants
|
---|
18 | // ------------------------------------------------------------------------------
|
---|
19 |
|
---|
20 | const DANGEROUS_PROPERTY_NAMES = [
|
---|
21 | 'dangerouslySetInnerHTML',
|
---|
22 | ];
|
---|
23 |
|
---|
24 | const DANGEROUS_PROPERTIES = fromEntries(DANGEROUS_PROPERTY_NAMES.map((prop) => [prop, prop]));
|
---|
25 |
|
---|
26 | // ------------------------------------------------------------------------------
|
---|
27 | // Helpers
|
---|
28 | // ------------------------------------------------------------------------------
|
---|
29 |
|
---|
30 | /**
|
---|
31 | * Checks if a JSX attribute is dangerous.
|
---|
32 | * @param {string} name - Name of the attribute to check.
|
---|
33 | * @returns {boolean} Whether or not the attribute is dangerous.
|
---|
34 | */
|
---|
35 | function isDangerous(name) {
|
---|
36 | return has(DANGEROUS_PROPERTIES, name);
|
---|
37 | }
|
---|
38 |
|
---|
39 | // ------------------------------------------------------------------------------
|
---|
40 | // Rule Definition
|
---|
41 | // ------------------------------------------------------------------------------
|
---|
42 |
|
---|
43 | const messages = {
|
---|
44 | dangerousProp: 'Dangerous property \'{{name}}\' found',
|
---|
45 | };
|
---|
46 |
|
---|
47 | /** @type {import('eslint').Rule.RuleModule} */
|
---|
48 | module.exports = {
|
---|
49 | meta: {
|
---|
50 | docs: {
|
---|
51 | description: 'Disallow usage of dangerous JSX properties',
|
---|
52 | category: 'Best Practices',
|
---|
53 | recommended: false,
|
---|
54 | url: docsUrl('no-danger'),
|
---|
55 | },
|
---|
56 |
|
---|
57 | messages,
|
---|
58 |
|
---|
59 | schema: [{
|
---|
60 | type: 'object',
|
---|
61 | properties: {
|
---|
62 | customComponentNames: {
|
---|
63 | items: {
|
---|
64 | type: 'string',
|
---|
65 | },
|
---|
66 | minItems: 0,
|
---|
67 | type: 'array',
|
---|
68 | uniqueItems: true,
|
---|
69 | },
|
---|
70 | },
|
---|
71 | }],
|
---|
72 | },
|
---|
73 |
|
---|
74 | create(context) {
|
---|
75 | const configuration = context.options[0] || {};
|
---|
76 | const customComponentNames = configuration.customComponentNames || [];
|
---|
77 |
|
---|
78 | return {
|
---|
79 | JSXAttribute(node) {
|
---|
80 | const functionName = node.parent.name.name;
|
---|
81 |
|
---|
82 | const enableCheckingCustomComponent = customComponentNames.some((name) => minimatch(functionName, name));
|
---|
83 |
|
---|
84 | if ((enableCheckingCustomComponent || jsxUtil.isDOMComponent(node.parent)) && isDangerous(node.name.name)) {
|
---|
85 | report(context, messages.dangerousProp, 'dangerousProp', {
|
---|
86 | node,
|
---|
87 | data: {
|
---|
88 | name: node.name.name,
|
---|
89 | },
|
---|
90 | });
|
---|
91 | }
|
---|
92 | },
|
---|
93 | };
|
---|
94 | },
|
---|
95 | };
|
---|