"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const utils_1 = require("../utils");
const ast_utils_1 = require("../utils/ast-utils");
const compat_1 = require("../utils/compat");
/**
 * ESLint rule `no-set-html-directive`.
 *
 * Reports every attribute whose name is exactly `set:html`, on both
 * `JSXAttribute` and `AstroTemplateLiteralAttribute` nodes. The check is on
 * the attribute name only: the bound expression is never inspected, so a
 * value that has already been sanitized is reported just like a raw one.
 * Each report is attached to the attribute's name node.
 *
 * The rule registers no listeners unless the parser services mark the file
 * as Astro.
 */
exports.default = (0, utils_1.createRule)("no-set-html-directive", {
  meta: {
    docs: {
      description: "disallow use of `set:html` to prevent XSS attack",
      category: "Security Vulnerability",
      // NOTE(review): presumably keeps the rule out of the plugin's
      // recommended preset, so it has to be enabled explicitly; confirm
      // against the plugin's config definitions.
      recommended: false,
    },
    // The rule accepts no options.
    schema: [],
    messages: {
      unexpected: "`set:html` can lead to XSS attack.",
    },
    type: "suggestion",
  },
  /**
   * Builds the AST listeners for one linted file.
   *
   * @param {object} context - ESLint rule context for the current file.
   * @returns {object} Map of node type to handler; empty when the file was
   *   not parsed as Astro.
   */
  create(context) {
    const source = (0, compat_1.getSourceCode)(context);
    const isAstroFile = Boolean(source.parserServices.isAstro);

    if (isAstroFile) {
      // Shared handler for both attribute node types listed below.
      const reportSetHtml = (attribute) => {
        if ((0, ast_utils_1.getAttributeName)(attribute) === "set:html") {
          context.report({
            node: attribute.name,
            messageId: "unexpected",
          });
        }
      };

      return {
        JSXAttribute: reportSetHtml,
        AstroTemplateLiteralAttribute: reportSetHtml,
      };
    }

    // Not an Astro file: nothing for this rule to look at.
    return {};
  },
});