@locker/eslint-plugin-locker
Lightning Web Security ESLint rules
# Distorted Element#insertAdjacentHTML (distorted-element-insert-adjacent-html)
For security, `Element#insertAdjacentHTML` is distorted by Lightning Web Security.
<!-- START generated embed: @locker/distortion/src/Element/docs/insertAdjacentHTML-value.md -->
## Element.prototype.insertAdjacentHTML
The [`Element.prototype.insertAdjacentHTML()`](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method parses the specified text as HTML or XML and inserts the resulting nodes into the DOM tree at a specified position.
Lightning Web Security runs in the main window, where the `<html>`, `<head>`, and `<body>` elements are shared. Malicious code can be added to those elements by using the `insertAdjacentHTML()` method, corrupting the DOM of the current rendered page.
### Distorted Behavior
This distortion sanitizes the text string to prevent malicious code from being added to the `<html>`, `<head>`, and `<body>` shared elements.
<!-- END generated embed, please keep comment -->
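
As an added illustration (not the plugin's own source), the following ESLint-style rule flags `insertAdjacentHTML` calls and separates calls made directly on `document.documentElement`, `document.head`, or `document.body` from calls on other elements. The rule object name, message ids, shared-element heuristic, and hand-built AST helpers are assumptions made for this example.

```javascript
// Added example, not the @locker plugin's source. The rule shape is ESLint's
// public rule API; names, message ids and the heuristic are assumptions.
const SHARED_ACCESSORS = new Set(["documentElement", "head", "body"]);

// Name of a member access: obj.name or obj["name"]; null if dynamic.
function memberName(node) {
  if (node.type !== "MemberExpression") return null;
  if (!node.computed && node.property.type === "Identifier") return node.property.name;
  if (node.computed && node.property.type === "Literal") return String(node.property.value);
  return null;
}

const flagInsertAdjacentHTML = {
  meta: {
    type: "problem",
    schema: [],
    messages: {
      distorted: "insertAdjacentHTML is distorted by Lightning Web Security; the HTML string is sanitized.",
      sharedElement: "insertAdjacentHTML targets a shared element (<html>, <head> or <body>).",
    },
  },
  create(context) {
    return {
      CallExpression(node) {
        if (memberName(node.callee) !== "insertAdjacentHTML") return;
        const target = node.callee.object;
        const shared = target.type === "MemberExpression" &&
          target.object.type === "Identifier" && target.object.name === "document" &&
          SHARED_ACCESSORS.has(memberName(target));
        context.report({ node, messageId: shared ? "sharedElement" : "distorted" });
      },
    };
  },
};

// Constructed ESTree fragments so the rule runs without ESLint installed.
const id = (name) => ({ type: "Identifier", name });
const lit = (value) => ({ type: "Literal", value });
const member = (object, property, computed = false) =>
  ({ type: "MemberExpression", object, property, computed });
const call = (callee, ...args) => ({ type: "CallExpression", callee, arguments: args });

// Feed call nodes to the rule and collect the reported message ids.
function lintCalls(nodes) {
  const reported = [];
  const visitor = flagInsertAdjacentHTML.create({ report: (d) => reported.push(d.messageId) });
  nodes.forEach((n) => visitor.CallExpression(n));
  return reported;
}
```

The heuristic only recognizes direct `document.*` accessors; a shared element reached through a variable or a query is reported with the general `distorted` message.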