Bug 1351608 - Add eslint-plugin-no-unsanitized to eslint-plugin-mozilla r?standard8 draft
authorFrederik Braun <fbraun@mozilla.com>
Fri, 02 Jun 2017 12:13:55 +0200
changeset 588291 c4369508559971530529f07bc49ee4146502a0aa
parent 588282 d69d09cff6dc8074a080cb09108eace712102dc2
child 588292 9d184b65e3f88f7624a1e07e1d13f403d4754ada
push id61986
push userbmo:fbraun@mozilla.com
push dateFri, 02 Jun 2017 14:15:57 +0000
reviewersstandard8
bugs1351608
milestone55.0a1
Bug 1351608 - Add eslint-plugin-no-unsanitized to eslint-plugin-mozilla r?standard8 MozReview-Commit-ID: H7NaHioty7f
package.json
tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
tools/lint/eslint/eslint-plugin-mozilla/package.json
--- a/package.json
+++ b/package.json
@@ -2,15 +2,16 @@
   "name": "mozillaeslintsetup",
   "description": "This package file is for setup of ESLint only for editor integration.",
   "repository": {},
   "license": "MPL-2.0",
   "dependencies": {
     "eslint": "3.19.0",
     "eslint-plugin-html": "2.0.3",
     "eslint-plugin-react": "6.10.3",
+    "eslint-plugin-no-unsanitized": "2.0.1",
     "escope": "^3.6.0",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "ini-parser": "^0.0.2",
     "sax": "^1.2.2"
   }
 }
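Review bot: The new `eslint-plugin-no-unsanitized` entry is pinned exactly here (`"2.0.1"`), while the hunk for tools/lint/eslint/eslint-plugin-mozilla/package.json declares it as `"^2.0.1"`, so the two installs can resolve different releases of the plugin. For a lint rule that acts as a security gate, rule behaviour that differs between the editor setup and the plugin's own install makes findings harder to reproduce. No lockfile change is visible in this commit. Consider using the same specifier in both files, or stating in the commit message why the range differs.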
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
@@ -51,17 +51,18 @@ module.exports = {
   },
 
   "parserOptions": {
     "ecmaVersion": 8
   },
 
   // When adding items to this file please check for effects on sub-directories.
   "plugins": [
-    "mozilla"
+    "mozilla",
+    "no-unsanitized"
   ],
 
   // When adding items to this file please check for effects on all of toolkit
   // and browser
   "rules": {
     // Require spacing around =>
     "arrow-spacing": "error",
 
@@ -272,16 +273,21 @@ module.exports = {
     "no-unreachable": "error",
 
     // Disallow control flow statements in finally blocks
     "no-unsafe-finally": "error",
 
     // No (!foo in bar) or (!object instanceof Class)
     "no-unsafe-negation": "error",
 
+    // No unsanitized use of innerHTML=, document.write() etc.
+    // cf. https://github.com/mozilla/eslint-plugin-no-unsanitized#rule-details
+    "no-unsanitized/method": "error",
+    "no-unsanitized/property": "error",
+
     // No declaring variables that are never used
     "no-unused-vars": ["error", {
       "args": "none",
       "vars": "local",
       "varsIgnorePattern": "^Cc|Ci|Cu|Cr|EXPORTED_SYMBOLS"
     }],
 
     // No using variables before defined
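Review bot: The two `no-unsanitized` rules are enabled at `error` with default options, and the added comment does not say what the rules accept as safe or how exceptions are to be handled. Since the rules now apply across toolkit and browser, existing call sites will presumably need `eslint-disable` suppressions, and each suppression is a place where the check no longer applies. I would extend the comment, e.g. `// Flags non-literal values passed to HTML sinks (default options). Any eslint-disable for these rules needs a justification comment.` The `rules` object starts and continues outside this hunk.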
--- a/tools/lint/eslint/eslint-plugin-mozilla/package.json
+++ b/tools/lint/eslint/eslint-plugin-mozilla/package.json
@@ -16,16 +16,17 @@
   "repository": {
     "type": "hg",
     "url": "https://hg.mozilla.org/mozilla-central/"
   },
   "author": "Mike Ratcliffe",
   "main": "lib/index.js",
   "dependencies": {
     "escope": "^3.6.0",
+    "eslint-plugin-no-unsanitized": "^2.0.1",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "globals": "^9.14.0",
     "ini-parser": "^0.0.2",
     "sax": "^1.2.2"
   },
   "devDependencies": {
     "mocha": "3.2.0"
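Review bot: This hunk starts below the `version` field, so it is not visible whether the package version was bumped. Adding a runtime dependency, together with two new `error`-level rules in the recommended config, changes what consumers of eslint-plugin-mozilla get on install. If the version was not bumped, consider bumping it in this commit so that downstream users pick up the new checks deliberately rather than through a reinstall. The caret range itself matches the surrounding entries in this file.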