66 lines
1.9 KiB
YAML
66 lines
1.9 KiB
YAML
rules:
|
||
- id: js-func-encode-uri
|
||
patterns:
|
||
- pattern: encodeURI($X)
|
||
message: Use encodeURIComponent() instead of encodeURI()
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
severity: WARNING
|
||
fix: encodeURIComponent($X)
|
||
- id: js-dangerous-func-document-write
|
||
patterns:
|
||
- pattern: document.write(...)
|
||
message: Don't render html directly into the page, use React components instead
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
severity: WARNING
|
||
- id: js-dangerous-func-assign-document-write
|
||
patterns:
|
||
- pattern: |
|
||
$X1 = document
|
||
...
|
||
$X1.write(...)
|
||
message: Don't render html directly into the page, use React components instead
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
severity: WARNING
|
||
- id: js-dangerous-func-document-writeln
|
||
patterns:
|
||
- pattern: document.writeln(...)
|
||
message: Don't render html directly into the page, use React components instead
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
severity: WARNING
|
||
- id: js-dangerous-func-assign-document-writeln
|
||
patterns:
|
||
- pattern: |
|
||
$X1 = document
|
||
...
|
||
$X1.writeln(...)
|
||
message: Don't render html directly into the page, use React components instead
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
severity: WARNING
|
||
- id: react-dangerouslysetinnerhtml
|
||
languages:
|
||
- typescript
|
||
- javascript
|
||
message: "Setting HTML from code is risky because it’s easy to inadvertently expose your users to a cross-site scripting (XSS) attack."
|
||
pattern-either:
|
||
- pattern: |
|
||
<$X dangerouslySetInnerHTML=... />
|
||
- pattern: |
|
||
{dangerouslySetInnerHTML: ...}
|
||
- pattern: |
|
||
$X1.innerHTML=...
|
||
- pattern: |
|
||
$X1.outerHTML=...
|
||
- pattern: |
|
||
$X1.insertAdjacentHTML=...
|
||
severity: WARNING
|