try allowing binary expressions (being careful about recent changes to upstream eslint)
This commit is contained in:
Frederik Braun
Родитель
ec1e2122fc
Коммит
f2fdbd1a10
|
|
@ -56,6 +56,9 @@ module.exports = function (context) {
|
|||
if (VALID_UNWRAPPERS.indexOf(funcName) !== -1) {
|
||||
allowed = true;
|
||||
}
|
||||
} else if (expression.type == "BinaryExpression") {
|
||||
allowed = ((allowedExpression(expression.left, expression))
|
||||
&& (allowedExpression(expression.right, expression)));
|
||||
} else {
|
||||
// everything that doesn't match is unsafe:
|
||||
allowed = false;
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
},
|
||||
"devDependencies": {
|
||||
"eslint": ">=0.24.0",
|
||||
"eslint-tester": ">=0.8.2",
|
||||
"eslint-tester": "0.8.1",
|
||||
"mocha": "^2.2.4"
|
||||
},
|
||||
"dependencies": {
|
||||
|
|
|
|||
|
|
@ -93,6 +93,15 @@ eslintTester.addRuleTest("lib/rules/no-unsafe-innerhtml", {
|
|||
{
|
||||
code: "g.innerHTML = potentiallyUnsafe; // a=legacy, bug 1155131",
|
||||
ecmaFeatures: { templateStrings: true }
|
||||
},
|
||||
// (binary) expressions
|
||||
{
|
||||
code: "x.innerHTML = `foo`+`bar`;",
|
||||
ecmaFeatures: { templateStrings: true }
|
||||
},
|
||||
{
|
||||
code: "y.innerHTML = '<span>' + 5 + '</span>';",
|
||||
ecmaFeatures: { templateStrings: true }
|
||||
}
|
||||
],
|
||||
|
||||
|
|
@ -157,6 +166,25 @@ eslintTester.addRuleTest("lib/rules/no-unsafe-innerhtml", {
|
|||
type: "CallExpression"
|
||||
}
|
||||
]
|
||||
},
|
||||
// (binary) expressions
|
||||
{
|
||||
code: "node.innerHTML = '<span>'+ htmlInput;",
|
||||
errors: [
|
||||
{
|
||||
message: "Unsafe assignment to innerHTML",
|
||||
type: "AssignmentExpression"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
code: "node.innerHTML = '<span>'+ htmlInput + '</span>';",
|
||||
errors: [
|
||||
{
|
||||
message: "Unsafe assignment to innerHTML",
|
||||
type: "AssignmentExpression"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
});
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче