Automattic / VIP-Coding-Standards

PHP_CodeSniffer ruleset to enforce WordPress VIP coding standards.
https://wpvip.com/documentation/how-to-install-php-code-sniffer-for-wordpress-com-vip/

HTMLExecutingFunctionsSniff: Add more unsafe functions to $HTMLExecutingFunctions #686

Open rebeccahum opened 3 years ago

rebeccahum commented 3 years ago

Describe the solution you'd like

We should add to the $HTMLExecutingFunctions property the following functions:

What code should be reported as a violation?

```javascript
// divElem is an existing element and userControlledVal an attacker-influenced
// string; both are assumed to be defined elsewhere.
(function(){
    divElem.outerHTML = "<div>Hello " + userControlledVal + "</div>"; // Warning.
    divElem.insertAdjacentHTML("beforeend", "<b>" + userControlledVal + "</b>"); // Warning.
})();
```

Additional context

http://blog.blueclosure.com/2017/09/
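Added example, not code from the VIP-Coding-Standards project or from the issue author: a small Node.js scanner in the spirit of HTMLExecutingFunctionsSniff that reports an `.outerHTML` / `.innerHTML` assignment or an `.insertAdjacentHTML(position, html)` call whenever the HTML operand is anything other than a single string literal, which is the case the issue wants flagged. It runs over a constructed sample that contains the issue's two lines plus three lines that must not be reported (a literal-only assignment and two text sinks). The names `HTML_SINKS`, `ADVICE`, `isStringLiteral` and `scanSource` are this example's own, and the regex approach is a stand-in for the PHPCS JavaScript token stream the real sniff works on.

```javascript
// Added example, not the VIP-Coding-Standards sniff: a minimal scanner that
// reports `.outerHTML = ...` / `.innerHTML = ...` and
// `.insertAdjacentHTML(position, html)` when the HTML operand is not a single
// string literal (i.e. it is concatenated from variables and may carry user input).
// HTML_SINKS, ADVICE, isStringLiteral and scanSource are this example's own names.

const HTML_SINKS = {
  // DOM properties whose assignment parses markup.
  properties: ['innerHTML', 'outerHTML'],
  // DOM methods whose second argument is parsed as markup.
  methods: ['insertAdjacentHTML'],
};

const ADVICE = {
  innerHTML: 'use textContent, or build nodes with document.createElement',
  outerHTML: 'use textContent, or replaceWith() a node built with document.createElement',
  insertAdjacentHTML: 'use insertAdjacentText, or insertAdjacentElement with a created node',
};

// True when the expression is exactly one quoted string literal with no
// interpolation. Anything else (concatenation, identifiers, `${}`) is dynamic.
function isStringLiteral(expr) {
  const s = expr.trim();
  return /^(['"])(?:\\.|(?!\1)[^\\])*\1$/.test(s) || /^`[^`$]*`$/.test(s);
}

// Scan JavaScript source line by line and return one finding per dynamic sink.
// Deliberately regex-based; a real sniff would walk the PHPCS token stream.
function scanSource(src) {
  const findings = [];
  src.split('\n').forEach((line, idx) => {
    const lineNo = idx + 1;
    for (const prop of HTML_SINKS.properties) {
      // Matches `x.outerHTML = expr;` and `x.outerHTML += expr;`, but not `==`.
      const re = new RegExp(`\\.${prop}\\s*\\+?=(?!=)\\s*([^;]+);`);
      const m = line.match(re);
      if (m && !isStringLiteral(m[1])) {
        findings.push({ line: lineNo, sink: prop, kind: 'property', advice: ADVICE[prop] });
      }
    }
    for (const method of HTML_SINKS.methods) {
      // Matches `x.insertAdjacentHTML(position, html)`; html is the second argument.
      const re = new RegExp(`\\.${method}\\s*\\(\\s*[^,]+,\\s*([^)]+)\\)`);
      const m = line.match(re);
      if (m && !isStringLiteral(m[1])) {
        findings.push({ line: lineNo, sink: method, kind: 'method', advice: ADVICE[method] });
      }
    }
  });
  return findings;
}

// Constructed sample: the issue's two lines plus three that must NOT be reported.
const SAMPLE = [
  '(function(){',
  '    divElem.outerHTML = "<div>Hello " + userControlledVal + "</div>"; // Warning.',
  '    divElem.insertAdjacentHTML("beforeend", "<b>" + userControlledVal + "</b>"); // Warning.',
  '    divElem.outerHTML = "<div>static markup</div>"; // literal only, not reported',
  '    divElem.textContent = userControlledVal; // text sink, not reported',
  '    divElem.insertAdjacentText("beforeend", userControlledVal); // text sink, not reported',
  '})();',
].join('\n');

for (const f of scanSource(SAMPLE)) {
  console.log(`line ${f.line}: dynamic HTML passed to ${f.sink} (${f.kind}); ${f.advice}`);
}
```

Run with `node` and it prints two findings, for the sample's lines 2 and 3. The literal-only assignment is skipped because a fixed markup string cannot carry user input, and `textContent` / `insertAdjacentText` are skipped because they never parse markup; those are the replacements a developer should reach for when the sniff fires.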