You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
884 B
36 lines
884 B
2 months ago
|
/**
|
||
|
* @fileoverview Restrict or warn use of v-html to prevent XSS attack
|
||
|
* @author Nathan Zeplowitz
|
||
|
*/
|
||
|
'use strict'
|
||
|
const utils = require('../utils')
|
||
|
|
||
|
module.exports = {
|
||
|
meta: {
|
||
|
type: 'suggestion',
|
||
|
docs: {
|
||
|
description: 'disallow use of v-html to prevent XSS attack',
|
||
|
categories: ['vue3-recommended', 'vue2-recommended'],
|
||
|
url: 'https://eslint.vuejs.org/rules/no-v-html.html'
|
||
|
},
|
||
|
fixable: null,
|
||
|
schema: [],
|
||
|
messages: {
|
||
|
unexpected: "'v-html' directive can lead to XSS attack."
|
||
|
}
|
||
|
},
|
||
|
/** @param {RuleContext} context */
|
||
|
create(context) {
|
||
|
return utils.defineTemplateBodyVisitor(context, {
|
||
|
/** @param {VDirective} node */
|
||
|
"VAttribute[directive=true][key.name.name='html']"(node) {
|
||
|
context.report({
|
||
|
node,
|
||
|
loc: node.loc,
|
||
|
messageId: 'unexpected'
|
||
|
})
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|