Closed 43081j closed 1 year ago
stramel
commented
1 year ago Wondering if this would be a better fit in the WC plugin instead of lit?
Also wondering if array of strings (attributes) will be too limiting long term? Will we need to add disallowed attributes based on their values or per element/component? Just food for thought
43081j
commented
1 year ago i think we desperately need to update this plugin to depend on the wc plugin, then it'd make sense to put this rule there.
unfortunately, until then i suspect people don't realise that plugin exists a lot of the time but do know this exists.
ill have a go at adding that dependency in separately before we decide on this rule
43081j
commented
1 year ago ah! @stramel it does belong in here after all i think. because this is specific to attributes used within templates.
if we did it in the wc plugin, it'd only be capable of detecting them in shadow root innerHTML and not much else.
thernstig
commented
1 year ago Personally I believe the entry text at docs/rules/ban-attributes.md could mention that a common use case is to disable the style attribute due to CSP directives best-practices. But maybe you do not want to be that explicit in docs?
43081j
commented
1 year ago it could be a nice example to add to the intro at the top of those docs i think, just a brief one like:
For example, you may want to disallow attributes such as
styleto comply with content security policy best practices.
Fixes #123