mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0

Unsupported Callee of type TaggedTemplateExpression for CallExpression #154

Closed ragmha closed 3 years ago

ragmha commented 3 years ago

The error message is: Error in no-unsanitized: Unexpected Callee.
ESLint version is: 7.15.0
eslint-plugin-no-unsanitized version: 3.1.4
The minimal code to reproduce:

test.each`
  a    | b    | expected
  ${1} | ${1} | ${2}
  ${1} | ${2} | ${3}
  ${2} | ${1} | ${3}
`('returns $expected when $a is added $b', ({a, b, expected}) => {
  expect(a + b).toBe(expected);
});

Thanks!

mozfreddyb commented 3 years ago

Wow, that is oddly written code. But I'll accept that this is a thing, looking at https://jestjs.io/docs/en/api#2--testeachtablename-fn-timeout-

mozfreddyb commented 3 years ago

Technically, the invocation of test.each with a template string is a tagged template string. That must be returning a function, which in itself is being called with a string (returns ..) and an arrow function (({a, b, expected ...) as the parameters.

What kind of function is that test.each tagged template string supposed to return?

ragmha commented 3 years ago

It returns the expect of each test case

E.g

 expect(1 + 1).toBe(2);
 expect(1 + 2).toBe(3);
 ..
 ...

mozfreddyb commented 3 years ago

I'll come up with a patch that will accept this as a valid callable, but the linter won't be able to dive in and perform a security analysis for dynamically generated functions... Thank you for filing this!
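
An added example, not part of the thread and not the plugin's own code: a sketch of callee resolution that accepts a CallExpression whose callee is a TaggedTemplateExpression without throwing, while recording that the called function was not analyzed. The function names, the one-entry sink list and the hand-built ESTree nodes are assumptions made for illustration.

```javascript
// Sink named in the plugin description; all names and node samples here are illustrative.
const SINK_METHODS = new Set(["insertAdjacentHTML"]);

// Resolve a CallExpression callee to a static name, or say why that is not possible.
function resolveCallee(callee) {
  switch (callee.type) {
    case "Identifier":
      return { name: callee.name };
    case "MemberExpression":
      // el.insertAdjacentHTML -> "insertAdjacentHTML"; el[x] has no static name.
      return callee.computed
        ? { name: null, reason: "computed member" }
        : { name: callee.property.name };
    case "TaggedTemplateExpression":
      // tag`...` evaluates at runtime to whatever the tag returns, so the function
      // being called has no static name: accept it, but mark it as not analyzed.
      return { name: null, reason: "function returned by tagged template" };
    default:
      return { name: null, reason: "unsupported callee " + callee.type };
  }
}

// Verdict for one call: "report" (known sink), "ok", or "skipped" with a reason.
function checkCall(node) {
  const { name, reason } = resolveCallee(node.callee);
  if (name === null) return { verdict: "skipped", reason };
  return { verdict: SINK_METHODS.has(name) ? "report" : "ok" };
}

// Constructed ESTree fragments, trimmed to the fields used above.
const id = (name) => ({ type: "Identifier", name });
const member = (object, property) =>
  ({ type: "MemberExpression", computed: false, object: id(object), property: id(property) });

// Shape of: test.each`...`('returns $expected ...', fn)
const jestTableCall = {
  type: "CallExpression",
  callee: {
    type: "TaggedTemplateExpression",
    tag: member("test", "each"),
    quasi: { type: "TemplateLiteral", quasis: [], expressions: [] },
  },
  arguments: [],
};
// Shape of: el.insertAdjacentHTML('beforeend', html)
const sinkCall = { type: "CallExpression", callee: member("el", "insertAdjacentHTML"), arguments: [] };

console.log(checkCall(jestTableCall), checkCall(sinkCall));
```

Surfacing the "skipped" verdict, rather than silently treating the call as safe, keeps a record of the calls the static check could not look into.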