Home Explore Help
Sign In
CocoRoboLabs
/
CocoRoboDesktop
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1de07b5465
Branches Tags
CocoRoboDesk...
/
pdf1.js
/
node_modules
/
eslint-plugin-no-unsanitized
/
lib
/
rules
/
property.js

property.js 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. /**
    2. 

  2.  * @fileoverview ESLint rule to disallow unsanitized property assignment
    3. 

  3.  * @author Frederik Braun et al.
    4. 

  4.  * @copyright 2015-2017 Mozilla Corporation. All rights reserved.
    5. 

  5.  */
    6. 

  6. "use strict";
    7. 

  7. 

  8. const RuleHelper = require("../ruleHelper");
    9. 

  9. 

  10. //------------------------------------------------------------------------------
    11. 

  11. // Rule Definition
    12. 

  12. //------------------------------------------------------------------------------
    13. 

  13. 

  14. 

  15. const defaultRuleChecks = {
    16. 

  16. 

  17.     // Check unsafe assignment to innerHTML
    18. 

  18.     innerHTML: {
    19. 

  19.     },
    20. 

  20. 

  21.     // Check unsafe assignment to outerHTML
    22. 

  22.     outerHTML: {
    23. 

  23.     }
    24. 

  24. };
    25. 

  25. 

  26. module.exports = {
    27. 

  27.     meta: {
    28. 

  28.         type: "problem",
    29. 

  29.         docs: {
    30. 

  30.             description: "ESLint rule to disallow unsanitized property assignment",
    31. 

  31.             category: "possible-errors",
    32. 

  32.             url: "https://github.com/mozilla/eslint-plugin-no-unsanitized/tree/master/docs/rules/property.md"
    33. 

  33.         },
    34. 

  34.         /* schema statement TBD until we have options
    35. 

  35.         schema: [
    36. 

  36.             {
    37. 

  37.                 type: array
    38. 

  38.             }
    39. 

  39.         ]*/
    40. 

  40.     },
    41. 

  41.     create(context) {
    42. 

  42.         const ruleHelper = new RuleHelper(context, defaultRuleChecks);
    43. 

  43. 

  44.         // operators to not check, such as X.innerHTML *= 12; is likely very safe
    45. 

  45.         // This list explicitly doesn't check ["=", "+="] or any newer operators that have not been reviewed
    46. 

  46.         // - https://github.com/estree/estree/blob/master/es5.md#assignmentoperator
    47. 

  47.         // - https://github.com/estree/estree/blob/master/es2016.md#assignmentoperator
    48. 

  48.         const PERMITTED_OPERATORS = ["-=", "*=", "/=", "%=", "<<=", ">>=", ">>>=", "|=", "^=", "&=", "**="];
    49. 

  49. 

  50.         // operators to match against, such as X.innerHTML += foo
    51. 

  51.         const CHECK_REQUIRED_OPERATORS = ["=", "+=", "||=", "&&=", "??="];
    52. 

  52. 

  53.         return {
    54. 

  54.             AssignmentExpression(node) {
    55. 

  55.                 // called when an identifier is found in the tree.
    56. 

  56.                 // the "exit" prefix ensures we know all subnodes already.
    57. 

  57.                 if ("property" in node.left) {
    58. 

  58.                     // If we don't have an operator we safely ignore
    59. 

  59.                     if (PERMITTED_OPERATORS.indexOf(node.operator) === -1) {
    60. 

  60.                         if (CHECK_REQUIRED_OPERATORS.indexOf(node.operator) === -1) {
    61. 

  61.                             ruleHelper.reportUnsupported(node, "Unexpected Assignment", `Unsupported Operator ${encodeURIComponent(node.operator)} for AssignmentExpression`);
    62. 

  62.                         }
    63. 

  63.                         ruleHelper.checkProperty(node);
    64. 

  64.                     }
    65. 

  65.                 }
    66. 

  66.             }
    67. 

  67.         };
    68. 

  68.     }
    69. 

  69. };
    70.