69 lines
1.5 KiB
JavaScript
69 lines
1.5 KiB
JavaScript
/**
|
|
* @fileoverview Rule to disallow `javascript:` URLs
|
|
* @author Ilya Volodin
|
|
*/
|
|
/* eslint no-script-url: 0 -- Code is checking to report such URLs */
|
|
|
|
"use strict";
|
|
|
|
const astUtils = require("./utils/ast-utils");
|
|
|
|
//------------------------------------------------------------------------------
|
|
// Rule Definition
|
|
//------------------------------------------------------------------------------
|
|
|
|
/** @type {import('../types').Rule.RuleModule} */
|
|
module.exports = {
|
|
meta: {
|
|
type: "suggestion",
|
|
|
|
docs: {
|
|
description: "Disallow `javascript:` URLs",
|
|
recommended: false,
|
|
url: "https://eslint.org/docs/latest/rules/no-script-url",
|
|
},
|
|
|
|
schema: [],
|
|
|
|
messages: {
|
|
unexpectedScriptURL: "Script URL is a form of eval.",
|
|
},
|
|
},
|
|
|
|
create(context) {
|
|
/**
|
|
* Check whether a node's static value starts with `javascript:` or not.
|
|
* And report an error for unexpected script URL.
|
|
* @param {ASTNode} node node to check
|
|
* @returns {void}
|
|
*/
|
|
function check(node) {
|
|
const value = astUtils.getStaticStringValue(node);
|
|
|
|
if (
|
|
typeof value === "string" &&
|
|
value.toLowerCase().indexOf("javascript:") === 0
|
|
) {
|
|
context.report({ node, messageId: "unexpectedScriptURL" });
|
|
}
|
|
}
|
|
return {
|
|
Literal(node) {
|
|
if (node.value && typeof node.value === "string") {
|
|
check(node);
|
|
}
|
|
},
|
|
TemplateLiteral(node) {
|
|
if (
|
|
!(
|
|
node.parent &&
|
|
node.parent.type === "TaggedTemplateExpression"
|
|
)
|
|
) {
|
|
check(node);
|
|
}
|
|
},
|
|
};
|
|
},
|
|
};
|