Closed (LukeWood closed this 4 years ago)

Hey @mozfreddyb,
Now that TypeScript support is wrapping up I'd like to run something by you!
I've been working on a suite of rules to run over various frontends to scan for XSS vulnerabilities. The list of XSS sinks I'd like the suite to handle are:
Do any of these seem like good fits to add to eslint-plugin-no-unsanitized? If so I'd like to offer my help in the development process.

I want to prevent this ESLint plugin from being a one-stop-shop for all things dangerous JavaScript. It wouldn't be super immediately useful for the ways we are using the plugin at Mozilla.
The issues with assignments to script.src, a.href, window.location, and React props are really only possible with type annotations, which makes it tricky to support fully. There are also lots of rules out there that do the things you're listing above, e.g.

Sounds good & totally understand.
Thanks Frederik!
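As an added example, not code from this thread or from eslint-plugin-no-unsanitized: the sinks named in the thread (script.src, a.href, window.location) all take URLs, and since a lint rule cannot tell from syntax alone whether a given `.src` or `.href` belongs to a DOM element (the type-annotation point above), a scheme allowlist applied at the sink at runtime is the complementary control. It also shows why a string-prefix check for `javascript:` is not enough once the browser's URL parser has normalised the input. The helper names, the default base URL, the host allowlist and the sample inputs are constructed for this example.

```javascript
// Added example (not part of eslint-plugin-no-unsanitized or this thread).
// Runtime guard for URL-valued sinks: script.src, a.href, window.location.
// Uses Node's WHATWG URL parser (same normalisation a browser applies:
// scheme case folding, stripping of leading C0 controls, removal of
// embedded tabs/newlines) before checking the scheme.

const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns an absolute URL string if `input` resolves against `base` to an
// allowlisted scheme (and, when `hosts` is given, an allowlisted host),
// otherwise null. `base` stands in for document.baseURI; constructed here.
function safeUrl(input, { base = "https://example.org/", hosts = null } = {}) {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input, base);
  } catch {
    return null; // unparsable: refuse rather than guess
  }
  if (!SAFE_SCHEMES.has(url.protocol)) return null;
  // A scheme allowlist does not pin the origin: "//evil.example/x.js"
  // is still https:. For script.src, also require a known host.
  if (hosts !== null && !hosts.has(url.host)) return null;
  return url.href;
}

// Naive guard for comparison: looks right, but the URL parser defeats it
// because it normalises the string after this check has run.
function naiveLooksSafe(input) {
  return !input.toLowerCase().startsWith("javascript:");
}

// Assign to a sink property (href, src, or a location-like object) only
// after the value has passed safeUrl. Returns true on assignment.
function assignSink(target, prop, input, opts) {
  const href = safeUrl(input, opts);
  if (href === null) return false;
  target[prop] = href;
  return true;
}

// Example usage with plain objects standing in for DOM nodes.
const anchor = {};
assignSink(anchor, "href", "/login");              // true, absolute https URL
assignSink(anchor, "href", "javascript:alert(1)"); // false, scheme rejected
const script = {};
assignSink(script, "src", "//evil.example/x.js",
  { hosts: new Set(["cdn.example.com"]) });        // false, host not allowed
```

The bypass inputs worth keeping in a test suite are the ones `naiveLooksSafe` accepts and `safeUrl` rejects: a leading control character (`"\u0001javascript:alert(1)"`) and an embedded newline (`"java\nscript:alert(1)"`), both of which the URL parser turns into a plain `javascript:` URL before the browser navigates.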