Página Principal Explorar Ajuda
Iniciar Sessão
htcwl
/
SxsnPC
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 68b88e5249
Ramos Etiquetas
SxsnPC
/
node_modules
/
eslint-plugin-vue
/
lib
/
rules
/
no-v-html.js

no-v-html.js 914 B
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233 
  1. /**
    2. 

  2.  * @fileoverview Restrict or warn use of v-html to prevent XSS attack
    3. 

  3.  * @author Nathan Zeplowitz
    4. 

  4.  */
    5. 

  5. 'use strict'
    6. 

  6. const utils = require('../utils')
    7. 

  7. 

  8. // ------------------------------------------------------------------------------
    9. 

  9. // Rule Definitionutilu
    10. 

  10. // ------------------------------------------------------------------------------
    11. 

  11. 

  12. module.exports = {
    13. 

  13.   meta: {
    14. 

  14.     docs: {
    15. 

  15.       description: 'disallow use of v-html to prevent XSS attack',
    16. 

  16.       category: undefined,
    17. 

  17.       url: 'https://github.com/vuejs/eslint-plugin-vue/blob/v4.7.1/docs/rules/no-v-html.md'
    18. 

  18.     },
    19. 

  19.     fixable: null,
    20. 

  20.     schema: []
    21. 

  21.   },
    22. 

  22.   create (context) {
    23. 

  23.     return utils.defineTemplateBodyVisitor(context, {
    24. 

  24.       "VAttribute[directive=true][key.name='html']" (node) {
    25. 

  25.         context.report({
    26. 

  26.           node,
    27. 

  27.           loc: node.loc,
    28. 

  28.           message: "'v-html' directive can lead to XSS attack."
    29. 

  29.         })
    30. 

  30.       }
    31. 

  31.     })
    32. 

  32.   }
    33. 

  33. }
    34.