Disallow jQuery functions with XSS potential.
Copied directly from eslint-plugin-jquery. Forking didn't seem appropriate as the intent of the plugin is different.
@kellyjosephprice, https://www.npmjs.com/package/eslint-plugin-jquery-unsafe/v/0.1.0
You'll first need to install ESLint:
$ npm install eslint --save-dev
Next, install eslint-plugin-jquery-unsafe:
$ npm install eslint-plugin-jquery-unsafe --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-jquery-unsafe globally.
Add jquery-unsafe to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": [
"jquery-unsafe"
],
"rules": {
"jquery-unsafe/no-add": 2,
"jquery-unsafe/no-after": 2,
"jquery-unsafe/no-append": 2,
"jquery-unsafe/no-appendTo": 2,
"jquery-unsafe/no-before": 2,
"jquery-unsafe/no-html": 2,
"jquery-unsafe/no-insertAfter": 2,
"jquery-unsafe/no-insertBefore": 2,
"jquery-unsafe/no-prepend": 2,
"jquery-unsafe/no-prependTo": 2,
"jquery-unsafe/no-replaceWith": 2,
"jquery-unsafe/no-wrap": 2,
"jquery-unsafe/no-wrapAll": 2,
"jquery-unsafe/no-wrapInner": 2
}
}npm install
npm test
Distributed under the MIT license. See LICENSE for details.
- Dataset of Unsafe jQuery Method Calls
- jQuery XSS Static Analyser: Static analyser for JavaScript which can detect use of unsafe jQuery methods which are vulnerable to XSS attack
- Martin Vondráček, Ibrahim Baggili, Peter Casey, and Mehdi Mekni. Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses. Computers & Security. vol. 127. p. 102923. 2023. Online. https://www.sciencedirect.com/science/article/pii/S0167404822003157