Home Explore Help
Register Sign In
lihai
/
pad_spa
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8d6c751f49
Branches Tags
pad_spa
/
node_modules
/
eslint-plugin-vue
/
lib
/
rules
/
no-v-html.js

no-v-html.js 904 B
History Raw

1234567891011121314151617181920212223242526272829303132333435 
  1. /**
    2. 

  2.  * @fileoverview Restrict or warn use of v-html to prevent XSS attack
    3. 

  3.  * @author Nathan Zeplowitz
    4. 

  4.  */
    5. 

  5. 'use strict'
    6. 

  6. const utils = require('../utils')
    7. 

  7. 

  8. // ------------------------------------------------------------------------------
    9. 

  9. // Rule Definition
    10. 

  10. // ------------------------------------------------------------------------------
    11. 

  11. 

  12. module.exports = {
    13. 

  13.   meta: {
    14. 

  14.     type: 'suggestion',
    15. 

  15.     docs: {
    16. 

  16.       description: 'disallow use of v-html to prevent XSS attack',
    17. 

  17.       category: 'recommended',
    18. 

  18.       url: 'https://eslint.vuejs.org/rules/no-v-html.html'
    19. 

  19.     },
    20. 

  20.     fixable: null,
    21. 

  21.     schema: []
    22. 

  22.   },
    23. 

  23.   create (context) {
    24. 

  24.     return utils.defineTemplateBodyVisitor(context, {
    25. 

  25.       "VAttribute[directive=true][key.name='html']" (node) {
    26. 

  26.         context.report({
    27. 

  27.           node,
    28. 

  28.           loc: node.loc,
    29. 

  29.           message: "'v-html' directive can lead to XSS attack."
    30. 

  30.         })
    31. 

  31.       }
    32. 

  32.     })
    33. 

  33.   }
    34. 

  34. }
    35. 

  35.