search

mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0
223 stars 34 forks source link

Adds Typescript support to eslint-plugin-no-unsanitized #137

Closed LukeWood closed 3 years ago

LukeWood commented 4 years ago

This is one of the two operators required for adding typescript support to eslint-plugin-no-unsanitized

Adds support for TSAsExpression and TSTypeAssertion nodes. These are noops.

Adds test cases to method.js to ensure the new behavior is not broken.

LukeWood commented 4 years ago

Hey @mozfreddyb - I'll be discussing long term ownership with my team a bit later today but figured I'd send this over for review.

LukeWood commented 4 years ago

Hey Freddy - I have an update on the status of this PR:

In terms of maintenance of the typescript support here's what we can offer:

Someone at Google will take responsibility for typescript related bugs. This will either be our team (meaning me as long as I am around on the team) or a security team with an interest in the plugin.

Hope that resolves any ambiguity on our commitment to the plugin!

LukeWood commented 3 years ago

Hey Frederik I think I got all of your commends addressed!

LukeWood commented 3 years ago

I'm not sure if I'm missing a requested change somehow - github is still showing this as "Changes requested" but I believed they're all resolved

mozfreddyb commented 3 years ago

I'm afraid I'll have to keep you waiting for a bit as I need to get a different thing finished before mid next week. I will get back to you hopefully before the end of next week.

Thank you for your patience!

LukeWood commented 3 years ago

No prob frederick! Thanks for the update

LukeWood commented 3 years ago

Hey Frederik! Friendly check in - how are things going on this front?

LukeWood commented 3 years ago

Hey there - we're doing some planning around setting up our linting pipeline and I'd like to just reference this repository - unfortunately until we merge this we cant.

Should we go forward publishing a mirror with this commit in it or do you suspect this will be merged in the next week or so.

mozfreddyb commented 3 years ago

Sorry to leave you hanging this long. Looking again (I'll have to jog my memory a bit though)

LukeWood commented 3 years ago

no worries on the timing - we just wanted to figure out our timeline for planning purposes

LukeWood commented 3 years ago

Hey there Freddy let me know if I need to change anything else