| 1 | /**
|
|---|
| 2 | * @fileoverview Prevent usage of dangerous JSX props
|
|---|
| 3 | * @author Scott Andrews
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | 'use strict';
|
|---|
| 7 |
|
|---|
| 8 | const has = require('hasown');
|
|---|
| 9 | const fromEntries = require('object.fromentries/polyfill')();
|
|---|
| 10 | const minimatch = require('minimatch');
|
|---|
| 11 |
|
|---|
| 12 | const docsUrl = require('../util/docsUrl');
|
|---|
| 13 | const jsxUtil = require('../util/jsx');
|
|---|
| 14 | const report = require('../util/report');
|
|---|
| 15 |
|
|---|
| 16 | // ------------------------------------------------------------------------------
|
|---|
| 17 | // Constants
|
|---|
| 18 | // ------------------------------------------------------------------------------
|
|---|
| 19 |
|
|---|
| 20 | const DANGEROUS_PROPERTY_NAMES = [
|
|---|
| 21 | 'dangerouslySetInnerHTML',
|
|---|
| 22 | ];
|
|---|
| 23 |
|
|---|
| 24 | const DANGEROUS_PROPERTIES = fromEntries(DANGEROUS_PROPERTY_NAMES.map((prop) => [prop, prop]));
|
|---|
| 25 |
|
|---|
| 26 | // ------------------------------------------------------------------------------
|
|---|
| 27 | // Helpers
|
|---|
| 28 | // ------------------------------------------------------------------------------
|
|---|
| 29 |
|
|---|
| 30 | /**
|
|---|
| 31 | * Checks if a JSX attribute is dangerous.
|
|---|
| 32 | * @param {String} name - Name of the attribute to check.
|
|---|
| 33 | * @returns {boolean} Whether or not the attribute is dangerous.
|
|---|
| 34 | */
|
|---|
| 35 | function isDangerous(name) {
|
|---|
| 36 | return has(DANGEROUS_PROPERTIES, name);
|
|---|
| 37 | }
|
|---|
| 38 |
|
|---|
| 39 | // ------------------------------------------------------------------------------
|
|---|
| 40 | // Rule Definition
|
|---|
| 41 | // ------------------------------------------------------------------------------
|
|---|
| 42 |
|
|---|
| 43 | const messages = {
|
|---|
| 44 | dangerousProp: 'Dangerous property \'{{name}}\' found',
|
|---|
| 45 | };
|
|---|
| 46 |
|
|---|
| 47 | /** @type {import('eslint').Rule.RuleModule} */
|
|---|
| 48 | module.exports = {
|
|---|
| 49 | meta: {
|
|---|
| 50 | docs: {
|
|---|
| 51 | description: 'Disallow usage of dangerous JSX properties',
|
|---|
| 52 | category: 'Best Practices',
|
|---|
| 53 | recommended: false,
|
|---|
| 54 | url: docsUrl('no-danger'),
|
|---|
| 55 | },
|
|---|
| 56 |
|
|---|
| 57 | messages,
|
|---|
| 58 |
|
|---|
| 59 | schema: [{
|
|---|
| 60 | type: 'object',
|
|---|
| 61 | properties: {
|
|---|
| 62 | customComponentNames: {
|
|---|
| 63 | items: {
|
|---|
| 64 | type: 'string',
|
|---|
| 65 | },
|
|---|
| 66 | minItems: 0,
|
|---|
| 67 | type: 'array',
|
|---|
| 68 | uniqueItems: true,
|
|---|
| 69 | },
|
|---|
| 70 | },
|
|---|
| 71 | }],
|
|---|
| 72 | },
|
|---|
| 73 |
|
|---|
| 74 | create(context) {
|
|---|
| 75 | const configuration = context.options[0] || {};
|
|---|
| 76 | const customComponentNames = configuration.customComponentNames || [];
|
|---|
| 77 |
|
|---|
| 78 | return {
|
|---|
| 79 | JSXAttribute(node) {
|
|---|
| 80 | const functionName = node.parent.name.name;
|
|---|
| 81 |
|
|---|
| 82 | const enableCheckingCustomComponent = customComponentNames.some((name) => minimatch(functionName, name));
|
|---|
| 83 |
|
|---|
| 84 | if ((enableCheckingCustomComponent || jsxUtil.isDOMComponent(node.parent)) && isDangerous(node.name.name)) {
|
|---|
| 85 | report(context, messages.dangerousProp, 'dangerousProp', {
|
|---|
| 86 | node,
|
|---|
| 87 | data: {
|
|---|
| 88 | name: node.name.name,
|
|---|
| 89 | },
|
|---|
| 90 | });
|
|---|
| 91 | }
|
|---|
| 92 | },
|
|---|
| 93 | };
|
|---|
| 94 | },
|
|---|
| 95 | };
|
|---|
