1234567891011121314151617181920212223242526272829303132333435 |
- /**
- * @fileoverview Restrict or warn use of v-html to prevent XSS attack
- * @author Nathan Zeplowitz
- */
- 'use strict'
- const utils = require('../utils')
- module.exports = {
- meta: {
- type: 'suggestion',
- docs: {
- description: 'disallow use of v-html to prevent XSS attack',
- categories: ['vue3-recommended', 'vue2-recommended'],
- url: 'https://eslint.vuejs.org/rules/no-v-html.html'
- },
- fixable: null,
- schema: [],
- messages: {
- unexpected: "'v-html' directive can lead to XSS attack."
- }
- },
- /** @param {RuleContext} context */
- create(context) {
- return utils.defineTemplateBodyVisitor(context, {
- /** @param {VDirective} node */
- "VAttribute[directive=true][key.name.name='html']"(node) {
- context.report({
- node,
- loc: node.loc,
- messageId: 'unexpected'
- })
- }
- })
- }
- }
|