1 | /**
|
2 | * @fileoverview Rule to flag when using javascript: urls
|
3 | * @author Ilya Volodin
|
4 | */
|
5 | /* jshint scripturl: true */
|
6 | /* eslint no-script-url: 0 */
|
7 |
|
8 | ;
|
9 |
|
10 | const astUtils = require("./utils/ast-utils");
|
11 |
|
12 | //------------------------------------------------------------------------------
|
13 | // Rule Definition
|
14 | //------------------------------------------------------------------------------
|
15 |
|
16 | module.exports = {
|
17 | meta: {
|
18 | type: "suggestion",
|
19 |
|
20 | docs: {
|
21 | description: "disallow `javascript:` urls",
|
22 | category: "Best Practices",
|
23 | recommended: false,
|
24 | url: "https://eslint.org/docs/rules/no-script-url"
|
25 | },
|
26 |
|
27 | schema: [],
|
28 |
|
29 | messages: {
|
30 | unexpectedScriptURL: "Script URL is a form of eval."
|
31 | }
|
32 | },
|
33 |
|
34 | create(context) {
|
35 |
|
36 | /**
|
37 | * Check whether a node's static value starts with "javascript:" or not.
|
38 | * And report an error for unexpected script URL.
|
39 | * @param {ASTNode} node node to check
|
40 | * @returns {void}
|
41 | */
|
42 | function check(node) {
|
43 | const value = astUtils.getStaticStringValue(node);
|
44 |
|
45 | if (typeof value === "string" && value.toLowerCase().indexOf("javascript:") === 0) {
|
46 | context.report({ node, messageId: "unexpectedScriptURL" });
|
47 | }
|
48 | }
|
49 | return {
|
50 | Literal(node) {
|
51 | if (node.value && typeof node.value === "string") {
|
52 | check(node);
|
53 | }
|
54 | },
|
55 | TemplateLiteral(node) {
|
56 | if (!(node.parent && node.parent.type === "TaggedTemplateExpression")) {
|
57 | check(node);
|
58 | }
|
59 | }
|
60 | };
|
61 | }
|
62 | };
|