GoScrobble/web/node_modules/eslint-plugin-react/lib/rules/jsx-no-script-url.js

/**
 * @fileoverview Prevent usage of `javascript:` URLs
 * @author Sergei Startsev
 */

'use strict';

const docsUrl = require('../util/docsUrl');

// ------------------------------------------------------------------------------
// Rule Definition
// ------------------------------------------------------------------------------

// https://github.com/facebook/react/blob/d0ebde77f6d1232cefc0da184d731943d78e86f2/packages/react-dom/src/shared/sanitizeURL.js#L30
/* eslint-disable-next-line max-len, no-control-regex */
const isJavaScriptProtocol = /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*:/i;

function hasJavaScriptProtocol(attr) {
  return attr.value && attr.value.type === 'Literal'
    && isJavaScriptProtocol.test(attr.value.value);
}

function shouldVerifyElement(node, config) {
  const name = node.name && node.name.name;
  return name === 'a' || config.find((i) => i.name === name);
}

function shouldVerifyProp(node, config) {
  const name = node.name && node.name.name;
  const parentName = node.parent.name && node.parent.name.name;

  if (parentName === 'a' && name === 'href') {
    return true;
  }

  const el = config.find((i) => i.name === parentName);
  if (!el) {
    return false;
  }

  const props = el.props || [];
  return node.name && props.indexOf(name) !== -1;
}

module.exports = {
  meta: {
    docs: {
      description: 'Forbid `javascript:` URLs',
      category: 'Best Practices',
      recommended: false,
      url: docsUrl('jsx-no-script-url')
    },

    messages: {
      noScriptURL: 'A future version of React will block javascript: URLs as a security precaution. '
        + 'Use event handlers instead if you can. If you need to generate unsafe HTML, try using dangerouslySetInnerHTML instead.'
    },

    schema: [{
      type: 'array',
      uniqueItems: true,
      items: {
        type: 'object',
        properties: {
          name: {
            type: 'string'
          },
          props: {
            type: 'array',
            items: {
              type: 'string',
              uniqueItems: true
            }
          }
        },
        required: ['name', 'props'],
        additionalProperties: false
      }
    }]
  },

  create(context) {
    const config = context.options[0] || [];
    return {
      JSXAttribute(node) {
        const parent = node.parent;
        if (shouldVerifyElement(parent, config) && shouldVerifyProp(node, config) && hasJavaScriptProtocol(node)) {
          context.report({
            node,
            messageId: 'noScriptURL'
          });
        }
      }
    };
  }
};
0.2.0 - Mid migration 2022-04-25 02:47:15 +00:00			`/**`
			* @fileoverview Prevent usage of `javascript:` URLs
			`* @author Sergei Startsev`
			`*/`

			`'use strict';`

			`const docsUrl = require('../util/docsUrl');`

			`// ------------------------------------------------------------------------------`
			`// Rule Definition`
			`// ------------------------------------------------------------------------------`

			`// https://github.com/facebook/react/blob/d0ebde77f6d1232cefc0da184d731943d78e86f2/packages/react-dom/src/shared/sanitizeURL.js#L30`
			`/* eslint-disable-next-line max-len, no-control-regex */`
			`const isJavaScriptProtocol = /^[\u0000-\u001F ]j[\r\n\t]a[\r\n\t]v[\r\n\t]a[\r\n\t]s[\r\n\t]c[\r\n\t]r[\r\n\t]i[\r\n\t]p[\r\n\t]t[\r\n\t]*:/i;`

			`function hasJavaScriptProtocol(attr) {`
			`return attr.value && attr.value.type === 'Literal'`
			`&& isJavaScriptProtocol.test(attr.value.value);`
			`}`

			`function shouldVerifyElement(node, config) {`
			`const name = node.name && node.name.name;`
			`return name === 'a' \|\| config.find((i) => i.name === name);`
			`}`

			`function shouldVerifyProp(node, config) {`
			`const name = node.name && node.name.name;`
			`const parentName = node.parent.name && node.parent.name.name;`

			`if (parentName === 'a' && name === 'href') {`
			`return true;`
			`}`

			`const el = config.find((i) => i.name === parentName);`
			`if (!el) {`
			`return false;`
			`}`

			`const props = el.props \|\| [];`
			`return node.name && props.indexOf(name) !== -1;`
			`}`

			`module.exports = {`
			`meta: {`
			`docs: {`
			description: 'Forbid `javascript:` URLs',
			`category: 'Best Practices',`
			`recommended: false,`
			`url: docsUrl('jsx-no-script-url')`
			`},`

			`messages: {`
			`noScriptURL: 'A future version of React will block javascript: URLs as a security precaution. '`
			`+ 'Use event handlers instead if you can. If you need to generate unsafe HTML, try using dangerouslySetInnerHTML instead.'`
			`},`

			`schema: [{`
			`type: 'array',`
			`uniqueItems: true,`
			`items: {`
			`type: 'object',`
			`properties: {`
			`name: {`
			`type: 'string'`
			`},`
			`props: {`
			`type: 'array',`
			`items: {`
			`type: 'string',`
			`uniqueItems: true`
			`}`
			`}`
			`},`
			`required: ['name', 'props'],`
			`additionalProperties: false`
			`}`
			`}]`
			`},`

			`create(context) {`
			`const config = context.options[0] \|\| [];`
			`return {`
			`JSXAttribute(node) {`
			`const parent = node.parent;`
			`if (shouldVerifyElement(parent, config) && shouldVerifyProp(node, config) && hasJavaScriptProtocol(node)) {`
			`context.report({`
			`node,`
			`messageId: 'noScriptURL'`
			`});`
			`}`
			`}`
			`};`
			`}`
			`};`