addressing unsafe uses of the sanitizer, bug 1192595

2015-09-10 10:01:15 +02:00 · 2015-09-10 10:01:15 +02:00 · a8f9e0e2b3
--- a/tests/rules/no-unsafe-innerhtml.js
+++ b/tests/rules/no-unsafe-innerhtml.js
@ -226,6 +226,26 @@ eslintTester.run("no-unsafe-innerhtml", rule, {
                    type: "AssignmentExpression"
                }
            ]
-}
+        },
+        // https://bugzilla.mozilla.org/show_bug.cgi?id=1192595
+        {
+            code: "x.innerHTML = Sanitizer.escapeHTML(evil)",
+            errors: [
+                {
+                    message: "Unsafe assignment to innerHTML",
+                    type: "AssignmentExpression"
+                }
+            ]
+        },
+        {
+            code: "x.innerHTML = Sanitizer.escapeHTML(`evil`)",
+            errors: [
+                {
+                    message: "Unsafe assignment to innerHTML",
+                    type: "AssignmentExpression"
+                }
+            ],
+            ecmaFeatures: { templateStrings: true }
+        }
    ]
 });