Allow method calls of import (fixes #135)

mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike

Mozilla Public License 2.0

222 stars 33 forks source link

Allow method calls of import (fixes #135) #150

Closed gijsk closed 3 years ago

gijsk commented 3 years ago

As noted in https://github.com/mozilla/eslint-plugin-no-unsanitized/issues/135#issuecomment-701463062 , in modern parsers this should be OK as the "real" dynamic import cannot be renamed or called as a method.

mozfreddyb commented 3 years ago

liberal parser support can bite us here. I've found various way this is parsed, by going through eslint, babel-eslint, @babel/parser on https://astexplorer.net/:

acorn, babel-eslint ImportExpression
@babel/parser: CallExpression with "type": "Import"
flow (which we dont care about): CallExpression with a callee that is not an Identifier node, but rather a node of type Import

We don't care about flow, but can we make sure that we catch the others with tests per-parser?

mozfreddyb commented 3 years ago

Bedankt! :)