UNPKG

eslint-plugin-no-unsanitized

Version:

ESLint rule to disallow unsanitized code

github.com/mozilla/eslint-plugin-no-unsanitized/

mozilla/eslint-plugin-no-unsanitized

21 lines (15 loc) 982 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# method The _method_ rule in _eslint-plugin-no-unsanitized_ perform basic security checks for function calls. The idea of these checks is to ensure that certain insecure coding patterns are avoided in your codebase. We encourage developers to use HTML sanitizers or escapers to mitigate those insecure patterns. ## Unsafe call to insertAdjacentHTML, document.write or document.writeln This error message suggests that you are using an unsafe coding pattern. Please do not simply call functions like `insertAdjacentHTML` with a variable parameter, as this might cause Cross-Site Scripting (XSS) vulnerabilities. We encourage you to construct DOM nodes using `createElement` and changing their attributes (e.g., `textContent`, `classList`) instead. ### Further Reading - Advanced guidance on [Fixing rule violations](fixing-violations.md) - This rule has some [customization](customization.md) options that allow you to add or remove functions that should not be called