ESLint provides a scope interface that allows tracing variables back to their definitions and other references.
This can be used to see if the variable `foo` in `el.innerHTML = foo` traces back to a hardcoded string and is therefore secure.
For this to work, one needs to ensure that backtracing cannot be fooled into trusting an early variable declaration that is, at some point, overwritten.
I'll implement this incrementally with some trade-offs and omissions that will be filed as follow-ups. This will probably make us miss some variables that could be traced back, but at least it won't cause a security issue.
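The following is an added example of the conservative trace described above; it is not code from the original issue or from the plugin it belongs to. It assumes the object shapes of ESLint's scope manager (`Variable.defs[].type`, `Variable.references[]`, `Reference.isWrite()`, `Reference.writeExpr`, `Reference.resolved`) and `context.sourceCode.getScope(node)` (ESLint 8.37 or later); the rule name and `UNSAFE_DEF_TYPES` are the example's own. A variable counts as hardcoded only if every write to it, initializer and later assignments alike, stores a string literal, so a later `foo = input` poisons the whole variable.

```javascript
// Returns true for a string literal or a template literal without ${} parts.
function isHardcodedString(node) {
  if (!node) return false;
  if (node.type === "Literal") return typeof node.value === "string";
  if (node.type === "TemplateLiteral") return node.expressions.length === 0;
  return false;
}

// Definition kinds whose value is supplied from outside the visible code
// (eslint-scope Definition.type values), so they can never be "hardcoded".
const UNSAFE_DEF_TYPES = new Set([
  "Parameter", "ImportBinding", "CatchClause", "ImplicitGlobalVariable",
]);

// Conservative trace: takes an eslint-scope Variable (or null when the
// identifier did not resolve) and checks every write reference to it.
function isVariableHardcoded(variable) {
  if (!variable || variable.defs.length === 0) return false; // unresolved / global
  if (variable.defs.some((d) => UNSAFE_DEF_TYPES.has(d.type))) return false;
  const writes = variable.references.filter((r) => r.isWrite());
  if (writes.length === 0) return false; // declared but never assigned
  // One non-literal write anywhere (even after the use) makes it unsafe.
  return writes.every((r) => isHardcodedString(r.writeExpr));
}

// Rule skeleton (example rule, not the plugin's): flags `x.innerHTML = y`
// unless `y` is a string literal or a variable that only ever held one.
const rule = {
  meta: { type: "problem", schema: [] },
  create(context) {
    return {
      AssignmentExpression(node) {
        const left = node.left;
        if (left.type !== "MemberExpression" || left.computed ||
            left.property.name !== "innerHTML") return;
        const right = node.right;
        if (isHardcodedString(right)) return;
        if (right.type === "Identifier") {
          const scope = context.sourceCode.getScope(node);
          const ref = scope.references.find((r) => r.identifier === right);
          if (ref && isVariableHardcoded(ref.resolved)) return;
        }
        context.report({ node, message: "Unsafe assignment to innerHTML" });
      },
    };
  },
};
// module.exports = rule; // when saved as a rule file
```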