no-script-url.js 1.7 KB

  /**
   * @fileoverview Rule to flag when using javascript: urls
   * @author Ilya Volodin
   */

  /* jshint scripturl: true */
  /* eslint no-script-url: 0 */

  "use strict";

  const astUtils = require("./utils/ast-utils");

  //------------------------------------------------------------------------------
  // Rule Definition
  //------------------------------------------------------------------------------

  // Scheme prefix compared against the lower-cased static value of each candidate node.
  const SCRIPT_SCHEME = "javascript:";

  module.exports = {
      meta: {
          type: "suggestion",

          docs: {
              description: "disallow `javascript:` urls",
              category: "Best Practices",
              recommended: false,
              url: "https://eslint.org/docs/rules/no-script-url"
          },

          // The rule accepts no options.
          schema: [],

          messages: {
              unexpectedScriptURL: "Script URL is a form of eval."
          }
      },

      /**
       * Builds the AST visitors that report string and template literals whose
       * static value begins with the `javascript:` scheme.
       * @param {RuleContext} context rule context used for reporting
       * @returns {Object} visitor map keyed by node type
       */
      create(context) {

          /**
           * Reports the node when its statically known string value starts with
           * "javascript:", compared case-insensitively.
           *
           * Coverage note: this is a prefix test on the static value only. A value
           * that has any character in front of the scheme, or a string assembled at
           * runtime, is not reported. Treat the rule as a lint aid that complements
           * output encoding and a Content Security Policy, not as a URL sanitizer.
           * @param {ASTNode} node node to check
           * @returns {void}
           */
          function check(node) {
              const staticValue = astUtils.getStaticStringValue(node);

              // Presumably a non-string here means the value is not statically
              // known (verify against ast-utils); such nodes are skipped.
              if (typeof staticValue !== "string") {
                  return;
              }

              if (staticValue.toLowerCase().startsWith(SCRIPT_SCHEME)) {
                  context.report({ node, messageId: "unexpectedScriptURL" });
              }
          }

          return {
              Literal(node) {

                  // Only non-empty string literals are candidates; numbers, regexes,
                  // booleans, null and "" are ignored.
                  const isNonEmptyString = typeof node.value === "string" && node.value.length > 0;

                  if (isNonEmptyString) {
                      check(node);
                  }
              },

              TemplateLiteral(node) {

                  // A template that is the quasi of a tagged template is skipped:
                  // the tag function decides what the resulting value is.
                  const parent = node.parent;
                  const isTagged = Boolean(parent) && parent.type === "TaggedTemplateExpression";

                  if (!isTagged) {
                      check(node);
                  }
              }
          };
      }
  };