mirror of
https://github.com/OpenMaxIO/openmaxio-object-browser
synced 2026-07-01 07:41:18 -07:00
79 lines
2.2 KiB
YAML
79 lines
2.2 KiB
YAML
|
|
rules:
|
|||
|
|
- id: js-func-encode-uri-Component
|
|||
|
|
patterns:
|
|||
|
|
- pattern: encodeURIComponent($X)
|
|||
|
|
- pattern-not-inside: |
|
|||
|
|
export const encodeURLString = (...) => {
|
|||
|
|
...
|
|||
|
|
};
|
|||
|
|
message: Use encodeURLString() instead of encodeURIComponent()
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
fix: encodeURLString($X)
|
|||
|
|
- id: js-func-encode-uri
|
|||
|
|
patterns:
|
|||
|
|
- pattern: encodeURI($X)
|
|||
|
|
message: Use encodeURLString() instead of encodeURI()
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
fix: encodeURLString($X)
|
|||
|
|
- id: js-dangerous-func-document-write
|
|||
|
|
patterns:
|
|||
|
|
- pattern: document.write(...)
|
|||
|
|
message: Don't render html directly into the page, use React components instead
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
- id: js-dangerous-func-assign-document-write
|
|||
|
|
patterns:
|
|||
|
|
- pattern: |
|
|||
|
|
$X1 = document
|
|||
|
|
...
|
|||
|
|
$X1.write(...)
|
|||
|
|
message: Don't render html directly into the page, use React components instead
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
- id: js-dangerous-func-document-writeln
|
|||
|
|
patterns:
|
|||
|
|
- pattern: document.writeln(...)
|
|||
|
|
message: Don't render html directly into the page, use React components instead
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
- id: js-dangerous-func-assign-document-writeln
|
|||
|
|
patterns:
|
|||
|
|
- pattern: |
|
|||
|
|
$X1 = document
|
|||
|
|
...
|
|||
|
|
$X1.writeln(...)
|
|||
|
|
message: Don't render html directly into the page, use React components instead
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
severity: WARNING
|
|||
|
|
- id: react-dangerouslysetinnerhtml
|
|||
|
|
languages:
|
|||
|
|
- typescript
|
|||
|
|
- javascript
|
|||
|
|
message: "Setting HTML from code is risky because it’s easy to inadvertently expose your users to a cross-site scripting (XSS) attack."
|
|||
|
|
pattern-either:
|
|||
|
|
- pattern: |
|
|||
|
|
<$X dangerouslySetInnerHTML=... />
|
|||
|
|
- pattern: |
|
|||
|
|
{dangerouslySetInnerHTML: ...}
|
|||
|
|
- pattern: |
|
|||
|
|
$X1.innerHTML=...
|
|||
|
|
- pattern: |
|
|||
|
|
$X1.outerHTML=...
|
|||
|
|
- pattern: |
|
|||
|
|
$X1.insertAdjacentHTML=...
|
|||
|
|
severity: WARNING
|