35 lines
909 B
JavaScript
35 lines
909 B
JavaScript
|
/**
|
||
|
* @fileoverview Restrict or warn use of v-html to prevent XSS attack
|
||
|
* @author Nathan Zeplowitz
|
||
|
*/
|
||
|
'use strict'
|
||
|
const utils = require('../utils')
|
||
|
|
||
|
// ------------------------------------------------------------------------------
|
||
|
// Rule Definition
|
||
|
// ------------------------------------------------------------------------------
|
||
|
|
||
|
module.exports = {
|
||
|
meta: {
|
||
|
type: 'suggestion',
|
||
|
docs: {
|
||
|
description: 'disallow use of v-html to prevent XSS attack',
|
||
|
category: 'recommended',
|
||
|
url: 'https://eslint.vuejs.org/rules/no-v-html.html'
|
||
|
},
|
||
|
fixable: null,
|
||
|
schema: []
|
||
|
},
|
||
|
create (context) {
|
||
|
return utils.defineTemplateBodyVisitor(context, {
|
||
|
"VAttribute[directive=true][key.name.name='html']" (node) {
|
||
|
context.report({
|
||
|
node,
|
||
|
loc: node.loc,
|
||
|
message: "'v-html' directive can lead to XSS attack."
|
||
|
})
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|