mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0

[typescript] Unsupported Callee for CallExpression (NonNullExpression) #111

Closed LironEr closed 3 years ago

LironEr commented 4 years ago

Error in no-unsanitized: Unexpected Callee no-unsanitized/method

The error occurs when using the TypeScript `!` sign

```typescript
const forTimeline = (id: string) => {
    if (!firebaseProvider.app) return;

    const timeline = firebaseProvider.app.database!()
        .ref('timelines')
        .child(id)
        .orderByChild('timestamp');

    return timeline;
};
```

This is my .eslintrc.js file

```javascript
module.exports = {
    parser: '@typescript-eslint/parser',
    extends: [
        'plugin:@typescript-eslint/recommended',
        'prettier/@typescript-eslint',
        'plugin:prettier/recommended',
        'plugin:react/recommended',
        'plugin:security/recommended',
        'plugin:no-unsanitized/DOM',
    ],
    plugins: ['scanjs-rules', 'security', 'no-unsanitized', 'no-wildcard-postmessage'],
    parserOptions: {
        ecmaVersion: 2018,
        sourceType: 'module',
        ecmaFeatures: {
            jsx: true,
        },
    },
    rules: {
        '@typescript-eslint/explicit-function-return-type': 'off',
        '@typescript-eslint/no-explicit-any': 'off',
        '@typescript-eslint/no-empty-interface': [
            'error',
            {
                allowSingleExtends: true,
            },
        ],
        '@typescript-eslint/no-use-before-define': ['error', {functions: false, classes: true}],
        'security/detect-non-literal-require': 'off',
        'security/detect-object-injection': 'off',
        '@typescript-eslint/no-inferrable-types': 'off',
        '@typescript-eslint/no-non-null-assertion': 'off',
    },
    settings: {
        react: {
            version: 'detect',
        },
    },
};
```

mozfreddyb commented 4 years ago

Thank you for filing this. My experience with TypeScript is zero; I didn't even know we supported a bit of TypeScript. I guess this is blocked on the decision whether we want to support TypeScript. I can imagine there is an increased cost once I start TypeScript support, that I'd have to maintain it and I'm not in a good position to do so.

Having said that, here's an early start at how this individual issue could be solved.

Looking at TS and how it parses into an AST, it seems like we'd need to support:

I've used the https://ts-ast-viewer.com/ website to understand parsing.
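
A sketch of how a rule could look through the `!` wrapper before inspecting a callee, added here as an example; it is not the plugin's code or the change that resolved this issue. The helper names, the one-entry deny-list and the hand-built AST nodes are assumptions; the node type names are those emitted by @typescript-eslint/parser.

```javascript
// Wrapper node types that @typescript-eslint/parser emits around an expression;
// each keeps the wrapped node in `.expression`.
const TS_WRAPPERS = new Set(['TSNonNullExpression', 'TSAsExpression', 'TSTypeAssertion']);

// Strip TypeScript-only wrappers until a plain ESTree node is reached.
function unwrap(node) {
  while (node && TS_WRAPPERS.has(node.type)) node = node.expression;
  return node;
}

// Return the called method/function name, or null when the callee is a shape
// this sketch does not understand (the caller decides how to report that).
function calleeName(callExpr) {
  const callee = unwrap(callExpr.callee);
  if (!callee) return null;
  if (callee.type === 'Identifier') return callee.name;
  if (callee.type === 'MemberExpression') {
    const prop = callee.property;
    if (!callee.computed && prop.type === 'Identifier') return prop.name;
    if (callee.computed && prop.type === 'Literal') return String(prop.value);
  }
  return null;
}

// Hypothetical deny-list for the demo; only the method named on this page.
const UNSAFE_METHODS = new Set(['insertAdjacentHTML']);

// 'flag' | 'ok' | 'unknown'; unknown callees are surfaced instead of throwing.
function classifyCall(callExpr) {
  const name = calleeName(callExpr);
  if (name === null) return 'unknown';
  return UNSAFE_METHODS.has(name) ? 'flag' : 'ok';
}

// Constructed AST fragments (hand-written, trimmed to the fields used here).
const member = (obj, prop) => ({
  type: 'MemberExpression', computed: false,
  object: { type: 'Identifier', name: obj },
  property: { type: 'Identifier', name: prop },
});
const nonNull = (expression) => ({ type: 'TSNonNullExpression', expression });
const call = (callee) => ({ type: 'CallExpression', callee, arguments: [] });
// app.database!() is the callee shape from this issue; the second call is a
// sink behind the same wrapper; the third is a callee the sketch does not model.
const issueCall = call(nonNull(member('app', 'database')));
const sinkCall = call(nonNull(member('el', 'insertAdjacentHTML')));
const oddCall = call({ type: 'AwaitExpression', argument: null });
console.log(classifyCall(issueCall), classifyCall(sinkCall), classifyCall(oddCall));
```

Returning `'unknown'` rather than throwing keeps the lint run alive while still making unchecked call sites visible for review.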

ghost commented 4 years ago

Hey there @mozfreddyb!

I work on Cloud Shell and would like to use eslint-plugin-no-unsanitized on some of our code. Unfortunately it is TypeScript code.

If I get a PR ready to add support for these features would you be willing to accept it?

mozfreddyb commented 3 years ago

I think this issue can be closed. @LironEr pls file a new one if I'm mistaken here.