From 1310b12eff45bb2df7ac0338f35ab4b264528f42 Mon Sep 17 00:00:00 2001
From: Frederik Braun <fbraun@mozilla.com>
Date: Wed, 28 Jun 2017 12:47:36 -0700
Subject: [PATCH] Bug 1351608 - Add eslint-plugin-no-unsanitized to
 eslint-plugin-mozilla. r=standard8

MozReview-Commit-ID: H7NaHioty7f

--HG--
extra : rebase_source : a2aaeea6ee2338206e9fe06679419847d76d1cae
---
 package.json                                              | 5 +++--
 .../eslint-plugin-mozilla/lib/configs/recommended.js      | 8 +++++++-
 tools/lint/eslint/eslint-plugin-mozilla/package.json      | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 97ca5db52929..6324be56f040 100644
--- a/package.json
+++ b/package.json
@@ -7,9 +7,10 @@
     "escope": "^3.6.0",
     "eslint": "3.19.0",
     "eslint-plugin-html": "2.0.3",
-    "eslint-plugin-mozilla": "file:tools\\lint\\eslint\\eslint-plugin-mozilla",
+    "eslint-plugin-mozilla": "file:tools/lint/eslint/eslint-plugin-mozilla",
     "eslint-plugin-react": "6.10.3",
-    "eslint-plugin-spidermonkey-js": "file:tools\\lint\\eslint\\eslint-plugin-spidermonkey-js",
+    "eslint-plugin-spidermonkey-js": "file:tools/lint/eslint/eslint-plugin-spidermonkey-js",
+    "eslint-plugin-no-unsanitized": "2.0.1",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "ini-parser": "^0.0.2",
diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
index 456bccca2811..a218880a3aec 100644
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
@@ -63,7 +63,8 @@ module.exports = {
 
   // When adding items to this file please check for effects on sub-directories.
   "plugins": [
-    "mozilla"
+    "mozilla",
+    "no-unsanitized"
   ],
 
   // When adding items to this file please check for effects on all of toolkit
@@ -299,6 +300,11 @@ module.exports = {
     // No (!foo in bar) or (!object instanceof Class)
     "no-unsafe-negation": "error",
 
+    // No unsanitized use of innerHTML=, document.write() etc.
+    // cf. https://github.com/mozilla/eslint-plugin-no-unsanitized#rule-details
+    "no-unsanitized/method": "error",
+    "no-unsanitized/property": "error",
+
     // No declaring variables that are never used
     "no-unused-vars": ["error", {
       "args": "none",
diff --git a/tools/lint/eslint/eslint-plugin-mozilla/package.json b/tools/lint/eslint/eslint-plugin-mozilla/package.json
index abe4a9441db4..10857895f076 100644
--- a/tools/lint/eslint/eslint-plugin-mozilla/package.json
+++ b/tools/lint/eslint/eslint-plugin-mozilla/package.json
@@ -21,6 +21,7 @@
   "main": "lib/index.js",
   "dependencies": {
     "escope": "^3.6.0",
+    "eslint-plugin-no-unsanitized": "^2.0.1",
     "espree": "^3.4.0",
     "estraverse": "^4.2.0",
     "globals": "^9.14.0",