1 | /**
|
2 | * @fileoverview Rule to flag when using javascript: urls
|
3 | * @author Ilya Volodin
|
4 | */
|
5 | /* jshint scripturl: true */
|
6 | /* eslint no-script-url: 0 */
|
7 |
|
8 | ;
|
9 |
|
10 | //------------------------------------------------------------------------------
|
11 | // Rule Definition
|
12 | //------------------------------------------------------------------------------
|
13 |
|
14 | module.exports = {
|
15 | meta: {
|
16 | docs: {
|
17 | description: "disallow `javascript:` urls",
|
18 | category: "Best Practices",
|
19 | recommended: false
|
20 | },
|
21 |
|
22 | schema: []
|
23 | },
|
24 |
|
25 | create(context) {
|
26 |
|
27 | return {
|
28 |
|
29 | Literal(node) {
|
30 | if (node.value && typeof node.value === "string") {
|
31 | const value = node.value.toLowerCase();
|
32 |
|
33 | if (value.indexOf("javascript:") === 0) {
|
34 | context.report(node, "Script URL is a form of eval.");
|
35 | }
|
36 | }
|
37 | }
|
38 | };
|
39 |
|
40 | }
|
41 | };
|