
Update: check template literal in no-script-url (#13775)

* Fix: check template literal in no-script-url

* handle uppercase

* handle tagged template literal

* change to toLowerCase

* check only string literal
yeonjuan committed Oct 23, 2020
1 parent bfe97d2 commit 5183b14a2420b42b4089fb134a61ae57142f31fd
Showing with 50 additions and 8 deletions.
  1. +2 −0 docs/rules/no-script-url.md
  2. +21 −7 lib/rules/no-script-url.js
  3. +27 −1 tests/lib/rules/no-script-url.js
@@ -10,6 +10,8 @@ Examples of **incorrect** code for this rule:
/*eslint no-script-url: "error"*/
location.href = "javascript:void(0)";
location.href = `javascript:void(0)`;
```

## Compatibility
@@ -7,6 +7,8 @@

"use strict";

const astUtils = require("./utils/ast-utils");

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------
@@ -31,18 +33,30 @@ module.exports = {

create(context) {

/**
* Check whether a node's static value starts with "javascript:" or not.
* And report an error for unexpected script URL.
* @param {ASTNode} node node to check
* @returns {void}
*/
function check(node) {
const value = astUtils.getStaticStringValue(node);

if (typeof value === "string" && value.toLowerCase().indexOf("javascript:") === 0) {
context.report({ node, messageId: "unexpectedScriptURL" });
}
}
return {

Literal(node) {
if (node.value && typeof node.value === "string") {
const value = node.value.toLowerCase();

if (value.indexOf("javascript:") === 0) {
context.report({ node, messageId: "unexpectedScriptURL" });
}
check(node);
}
},
TemplateLiteral(node) {
if (!(node.parent && node.parent.type === "TaggedTemplateExpression")) {
check(node);
}
}
};

}
};
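Review bot: A template literal whose first quasi starts with `javascript:` and is then followed by an interpolation does not appear to be reported by the new `TemplateLiteral` handler. `check()` depends on `astUtils.getStaticStringValue(node)`, which is defined outside this page and seems to return null once a template has any expressions, so the `typeof value === "string"` guard skips the node. The scheme is already fixed by the leading static text, so the handler could test it directly: `const head = node.quasis[0].value.cooked;` followed by `if (typeof head === "string" && head.toLowerCase().startsWith("javascript:")) { context.report({ node, messageId: "unexpectedScriptURL" }); }`. The test file pins the interpolation-first case as valid but has no case for a static `javascript:` prefix followed by an expression, so the intended behaviour there is undocumented. Separately, the prefix comparison is exact while URL parsers strip leading whitespace before reading the scheme, so trimming `value` before the comparison would close that detection gap; the `module.exports` object opens outside the hunk.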
@@ -22,7 +22,19 @@ ruleTester.run("no-script-url", rule, {
valid: [
"var a = 'Hello World!';",
"var a = 10;",
"var url = 'xjavascript:'"
"var url = 'xjavascript:'",
{
code: "var url = `xjavascript:`",
parserOptions: { ecmaVersion: 6 }
},
{
code: "var url = `${foo}javascript:`",
parserOptions: { ecmaVersion: 6 }
},
{
code: "var a = foo`javaScript:`;",
parserOptions: { ecmaVersion: 6 }
}
],
invalid: [
{
@@ -36,6 +48,20 @@ ruleTester.run("no-script-url", rule, {
errors: [
{ messageId: "unexpectedScriptURL", type: "Literal" }
]
},
{
code: "var a = `javascript:`;",
parserOptions: { ecmaVersion: 6 },
errors: [
{ messageId: "unexpectedScriptURL", type: "TemplateLiteral" }
]
},
{
code: "var a = `JavaScript:`;",
parserOptions: { ecmaVersion: 6 },
errors: [
{ messageId: "unexpectedScriptURL", type: "TemplateLiteral" }
]
}
]
});
