/** * @fileoverview HTML special characters should be escaped. * @author Patrick Hayes */ 'use strict'; const docsUrl = require('../util/docsUrl'); const getSourceCode = require('../util/eslint').getSourceCode; const jsxUtil = require('../util/jsx'); const report = require('../util/report'); const getMessageData = require('../util/message'); // ------------------------------------------------------------------------------ // Rule Definition // ------------------------------------------------------------------------------ // NOTE: '<' and '{' are also problematic characters, but they do not need // to be included here because it is a syntax error when these characters are // included accidentally. const DEFAULTS = [{ char: '>', alternatives: ['>'], }, { char: '"', alternatives: ['"', '“', '"', '”'], }, { char: '\'', alternatives: [''', '‘', ''', '’'], }, { char: '}', alternatives: ['}'], }]; const messages = { unescapedEntity: 'HTML entity, `{{entity}}` , must be escaped.', unescapedEntityAlts: '`{{entity}}` can be escaped with {{alts}}.', replaceWithAlt: 'Replace with `{{alt}}`.', }; /** @type {import('eslint').Rule.RuleModule} */ module.exports = { meta: { hasSuggestions: true, docs: { description: 'Disallow unescaped HTML entities from appearing in markup', category: 'Possible Errors', recommended: true, url: docsUrl('no-unescaped-entities'), }, messages, schema: [{ type: 'object', properties: { forbid: { type: 'array', items: { anyOf: [{ type: 'string', }, { type: 'object', properties: { char: { type: 'string', }, alternatives: { type: 'array', uniqueItems: true, items: { type: 'string', }, }, }, }], }, }, }, additionalProperties: false, }], }, create(context) { function reportInvalidEntity(node) { const configuration = context.options[0] || {}; const entities = configuration.forbid || DEFAULTS; // HTML entities are already escaped in node.value (as well as node.raw), // so pull the raw text from getSourceCode(context) for (let i = node.loc.start.line; i <= node.loc.end.line; i++) { let rawLine = getSourceCode(context).lines[i - 1]; let start = 0; let end = rawLine.length; if (i === node.loc.start.line) { start = node.loc.start.column; } if (i === node.loc.end.line) { end = node.loc.end.column; } rawLine = rawLine.slice(start, end); for (let j = 0; j < entities.length; j++) { for (let index = 0; index < rawLine.length; index++) { const c = rawLine[index]; if (typeof entities[j] === 'string') { if (c === entities[j]) { report(context, messages.unescapedEntity, 'unescapedEntity', { node, loc: { line: i, column: start + index }, data: { entity: entities[j], }, }); } } else if (c === entities[j].char) { report(context, messages.unescapedEntityAlts, 'unescapedEntityAlts', { node, loc: { line: i, column: start + index }, data: { entity: entities[j].char, alts: entities[j].alternatives.map((alt) => `\`${alt}\``).join(', '), }, suggest: entities[j].alternatives.map((alt) => Object.assign( getMessageData('replaceWithAlt', messages.replaceWithAlt), { data: { alt }, fix(fixer) { const lineToChange = i - node.loc.start.line; const newText = node.raw.split('\n').map((line, idx) => { if (idx === lineToChange) { return line.slice(0, index) + alt + line.slice(index + 1); } return line; }).join('\n'); return fixer.replaceText(node, newText); }, } )), }); } } } } } return { 'Literal, JSXText'(node) { if (jsxUtil.isJSX(node.parent)) { reportInvalidEntity(node); } }, }; }, };