eslint-plugin-security
Version:
Security rules for eslint
29 lines (27 loc) • 859 B
JavaScript
;
module.exports = {
meta: {
type: 'error',
docs: {
description: 'Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities.',
category: 'Possible Security Vulnerability',
recommended: true,
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-disable-mustache-escape.md',
},
},
create(context) {
return {
AssignmentExpression: function (node) {
if (node.operator === '=') {
if (node.left.property) {
if (node.left.property.name === 'escapeMarkup') {
if (node.right.value === false) {
context.report({ node: node, message: 'Markup escaping disabled.' });
}
}
}
}
},
};
},
};