Bug 1351608 - Add eslint-plugin-no-unsanitized to eslint-plugin-mozilla. r=standard8
☠☠ backed out by ed5cc84d317f ☠ ☠
authorFrederik Braun <fbraun@mozilla.com>
Wed, 28 Jun 2017 12:47:36 -0700
changeset 601722 d95016c5fc991c075d10b4591491d50650a7c487
parent 601721 8c69b1e4d5a62688ac69657f926683adc04e8312
child 601723 1cd9e27f0fa16bd65edc431ca37bbcd5ad72b3bd
push id66200
push userhchang@mozilla.com
push dateThu, 29 Jun 2017 03:53:43 +0000
reviewersstandard8
bugs1351608
milestone56.0a1
Bug 1351608 - Add eslint-plugin-no-unsanitized to eslint-plugin-mozilla. r=standard8 MozReview-Commit-ID: H7NaHioty7f
package.json
tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
tools/lint/eslint/eslint-plugin-mozilla/package.json
--- a/package.json
+++ b/package.json
@@ -2,17 +2,18 @@
   "name": "mozillaeslintsetup",
   "description": "This package file is for setup of ESLint only for editor integration.",
   "repository": {},
   "license": "MPL-2.0",
   "dependencies": {
     "escope": "^3.6.0",
     "eslint": "3.19.0",
     "eslint-plugin-html": "2.0.3",
-    "eslint-plugin-mozilla": "file:tools\\lint\\eslint\\eslint-plugin-mozilla",
+    "eslint-plugin-mozilla": "file:tools/lint/eslint/eslint-plugin-mozilla",
     "eslint-plugin-react": "6.10.3",
-    "eslint-plugin-spidermonkey-js": "file:tools\\lint\\eslint\\eslint-plugin-spidermonkey-js",
+    "eslint-plugin-spidermonkey-js": "file:tools/lint/eslint/eslint-plugin-spidermonkey-js",
+    "eslint-plugin-no-unsanitized": "2.0.1",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "ini-parser": "^0.0.2",
     "sax": "^1.2.2"
   }
 }
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
@@ -58,17 +58,18 @@ module.exports = {
   },
 
   "parserOptions": {
     "ecmaVersion": 8
   },
 
   // When adding items to this file please check for effects on sub-directories.
   "plugins": [
-    "mozilla"
+    "mozilla",
+    "no-unsanitized"
   ],
 
   // When adding items to this file please check for effects on all of toolkit
   // and browser
   "rules": {
     // Require spacing around =>
     "arrow-spacing": "error",
 
@@ -294,16 +295,21 @@ module.exports = {
     "no-unreachable": "error",
 
     // Disallow control flow statements in finally blocks
     "no-unsafe-finally": "error",
 
     // No (!foo in bar) or (!object instanceof Class)
     "no-unsafe-negation": "error",
 
+    // No unsanitized use of innerHTML=, document.write() etc.
+    // cf. https://github.com/mozilla/eslint-plugin-no-unsanitized#rule-details
+    "no-unsanitized/method": "error",
+    "no-unsanitized/property": "error",
+
     // No declaring variables that are never used
     "no-unused-vars": ["error", {
       "args": "none",
       "vars": "local",
       "varsIgnorePattern": "^Cc|Ci|Cu|Cr|EXPORTED_SYMBOLS"
     }],
 
     // No using variables before defined
--- a/tools/lint/eslint/eslint-plugin-mozilla/package.json
+++ b/tools/lint/eslint/eslint-plugin-mozilla/package.json
@@ -16,16 +16,17 @@
   "repository": {
     "type": "hg",
     "url": "https://hg.mozilla.org/mozilla-central/"
   },
   "author": "Mike Ratcliffe",
   "main": "lib/index.js",
   "dependencies": {
     "escope": "^3.6.0",
+    "eslint-plugin-no-unsanitized": "^2.0.1",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "globals": "^9.14.0",
     "ini-parser": "^0.0.2",
     "sax": "^1.2.2"
   },
   "devDependencies": {
     "mocha": "3.2.0"