Add rule to prevent printing `undefined` to HTML #807
Conversation
Thank you for your PR!
But it seems to me that the rule cannot be made great without a check using types, such as this comment. And I think we need to handle `null` also.
And there are several points that clearly need to be corrected.
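The kind of check the review above asks for, as an added example written for this thread; it is not code from PR #807 or from eslint-plugin-svelte. It decides whether the expression inside a mustache always evaluates to `undefined` or `null` (covering `void 0`, conditionals and `??`/`||`/`&&` chains, which goes beyond the PR's `undefined`-only scope), consults a pluggable type oracle for identifiers, and wires the result into a rule shell. Expression nodes follow ESTree; the `SvelteMustacheTag` node name and its `expression` field are assumed from svelte-eslint-parser, and the oracle stands in for real TypeScript type information.

```typescript
// Added example (not PR #807's or eslint-plugin-svelte's code): conservative
// "does this mustache always print undefined or null?" check plus a rule shell.
// Assumptions: ESTree expression nodes; `SvelteMustacheTag` with an `expression`
// field as in svelte-eslint-parser; a type oracle in place of the TS checker.

type Nullish = 'undefined' | 'null';

interface Node {
  type: string;
  [key: string]: any;
}

// Maps an identifier to the set of primitive kinds its declared type can hold.
// A real rule would derive this from TypeScript type info; here it is a plain map.
type TypeOracle = (name: string) => ReadonlySet<string> | undefined;

// Returns which nullish value the expression always evaluates to, or null when it may
// print something. Unknown node kinds are never reported, so ordinary expressions such
// as `{foo}` or `{a ?? 'fallback'}` never produce false positives.
export function alwaysNullish(node: Node, typeOf?: TypeOracle): Nullish | null {
  switch (node.type) {
    case 'Identifier': {
      if (node.name === 'undefined') return 'undefined';
      const kinds = typeOf ? typeOf(node.name) : undefined;
      if (kinds && kinds.size === 1 && kinds.has('undefined')) return 'undefined';
      if (kinds && kinds.size === 1 && kinds.has('null')) return 'null';
      return null;
    }
    case 'Literal':
      return node.value === null ? 'null' : null;
    case 'UnaryExpression':
      return node.operator === 'void' ? 'undefined' : null; // `void 0`
    case 'ConditionalExpression': {
      const yes = alwaysNullish(node.consequent, typeOf);
      const no = alwaysNullish(node.alternate, typeOf);
      return yes && no ? yes : null; // report only when both branches are nullish
    }
    case 'LogicalExpression': {
      const left = alwaysNullish(node.left, typeOf);
      if (node.operator === '&&') return left; // nullish left short-circuits to itself
      return left ? alwaysNullish(node.right, typeOf) : null; // `||` / `??` fall through
    }
    case 'SequenceExpression':
      return alwaysNullish(node.expressions[node.expressions.length - 1], typeOf);
    default:
      return null;
  }
}

interface Report { node: Node; messageId: string; data: Record<string, string> }
// `typeOf` is an assumed injection point; a real rule would read parser services.
interface RuleContext { report(descriptor: Report): void; typeOf?: TypeOracle }

export const noUndefinedPrint = {
  meta: {
    type: 'suggestion',
    docs: { description: 'Disallow printing `undefined` or `null`', recommended: false },
    schema: [],
    messages: { unexpected: 'This expression always prints `{{kind}}`.' },
  },
  create(context: RuleContext) {
    return {
      SvelteMustacheTag(node: Node) {
        const kind = alwaysNullish(node.expression, context.typeOf);
        if (kind) context.report({ node, messageId: 'unexpected', data: { kind } });
      },
    };
  },
};

// Constructed sample input: seven mustache tags and an oracle declaring `maybe` as
// `undefined` and `name` as `string | undefined`. Not taken from the PR's fixtures.
const id = (name: string): Node => ({ type: 'Identifier', name });
const lit = (value: unknown): Node => ({ type: 'Literal', value });
const tag = (expression: Node): Node => ({ type: 'SvelteMustacheTag', kind: 'text', expression });

export const SAMPLE_TAGS: Node[] = [
  tag(id('undefined')),                                                              // {undefined}
  tag({ type: 'UnaryExpression', operator: 'void', argument: lit(0) }),             // {void 0}
  tag({ type: 'ConditionalExpression', test: id('cond'), consequent: lit(null), alternate: id('undefined') }), // {cond ? null : undefined}
  tag({ type: 'LogicalExpression', operator: '??', left: id('foo'), right: id('undefined') }), // {foo ?? undefined}
  tag(id('maybe')),                                                                  // {maybe}
  tag(id('name')),                                                                   // {name}
  tag(lit('hi')),                                                                    // {'hi'}
];

const SAMPLE_TYPE_TABLE: Record<string, Set<string>> = {
  maybe: new Set(['undefined']),
  name: new Set(['string', 'undefined']),
};
export const SAMPLE_TYPES: TypeOracle = (name) => SAMPLE_TYPE_TABLE[name];

// Runs the rule's visitor over the tags with a collecting context and returns the reports.
export function lintTags(tags: Node[], typeOf?: TypeOracle): Report[] {
  const reports: Report[] = [];
  const visitor = noUndefinedPrint.create({ report: (r) => { reports.push(r); }, typeOf });
  for (const t of tags) visitor.SvelteMustacheTag(t);
  return reports;
}
```

On the sample, `lintTags(SAMPLE_TAGS, SAMPLE_TYPES)` reports tags 1, 2, 3 and 5 and leaves `{foo ?? undefined}`, `{name}` and `{'hi'}` alone: the check only fires when the value is certain, which is what keeps a rule like this usable without a type checker, and the oracle is where type information would make it stronger.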
I don't think we need this.
This rule reports all uses of `{@html}` in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.

<ESLintCodeBlock>

<!--eslint-skip-->

```svelte
<script>
  /* eslint svelte/no-at-html-tags: "error" */
</script>

<!-- ✓ GOOD -->
{foo}

<!-- ✗ BAD -->
{@html foo}
```
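Review bot: this documentation body is the one for `svelte/no-at-html-tags`, not for the new rule: the description and the GOOD/BAD pair are about `{@html}` and XSS, and the inline directive enables `svelte/no-at-html-tags` instead of `svelte/no-undefined-print`. Svelte escapes a plain `{foo}` mustache, so the XSS rationale does not carry over; the text should explain what printing `undefined` (and, per the review, `null`) into the output does, the directive should read `/* eslint svelte/no-undefined-print: "error" */`, and the BAD case should be something like `{undefined}`.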
Please write proper document.
```js
  meta: {
    docs: {
      description: 'Disallow from printing `undefined`',
      category: 'Possible Errors',
```
I don't think printing undefined is possible error.
```js
    docs: {
      description: 'Disallow from printing `undefined`',
      category: 'Possible Errors',
      recommended: true
```
Please do not add recommended rules without a major version bump.
```diff
-      recommended: true
+      recommended: false
```
```yaml
pageClass: 'rule-details'
sidebarDepth: 0
title: 'svelte/no-undefined-print'
description: 'Disallow from printing `undefined`'
```
I think this is grammatically better?
```diff
-description: 'Disallow from printing `undefined`'
+description: 'Disallow printing `undefined`'
```
```yaml
sidebarDepth: 0
title: 'svelte/no-undefined-print'
description: 'Disallow from printing `undefined`'
since: 'v0.0.1'
```
We can use `pnpm update` to update docs automatically.
```js
    },
    schema: [],
    messages: {
      unexpected: 'Unexpected `undefined`.'
```
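Review bot: `messages.unexpected` is the text shown on the reported mustache, and 'Unexpected `undefined`.' does not tell the user what the rule found or why it matters; a message that names the finding, such as 'This expression always prints `undefined`.', is more useful. If `null` is handled as the review asks, carry the value in a placeholder (`{{kind}}`) so one message covers both cases.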
```diff
-      unexpected: 'Unexpected `undefined`.'
+      unexpected: 'Disallow printing `undefined`'
```
```svelte
  let string = `this string contains some <strong>HTML!!!</strong>`;
</script>

<p>{@html string}</p>
```
I think this test is not for this rule.
close: #747