search

mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0
222 stars 33 forks source link

New major release with variable tracing enabled by default #187

Closed mozfreddyb closed 2 years ago

stof commented 2 years ago

Where is this variableTracing option set in the eslint config file ? The doc does not show an example.

mozfreddyb commented 2 years ago

The feature is enabled by default, I would like to know more why you want to disable it. Here's how you'd do it in your eslintrc file (AFAIU):

 "rules": {
        "no-unsanitized/method": [
            "error",
            {
                "variableTracing": false
            }
        ]
  }
stof commented 2 years ago

@mozfreddyb the config is not yet enabled by default, as this PR is not merged and released. My idea was more to try enabling it manually today, to see the impact.

Btw why not using eslint settings to be able to configure all rules of the plugin at once for such config instead of having to redo it for all rules (AFAICT, no-unsanitized/method is not the only rule using that) ?

mozfreddyb commented 2 years ago

@mozfreddyb the config is not yet enabled by default, as this PR is not merged and released. My idea was more to try enabling it manually today, to see the impact.

Btw why not using eslint settings to be able to configure all rules of the plugin at once for such config instead of having to redo it for all rules (AFAICT, no-unsanitized/method is not the only rule using that) ?

Not sure how that works. TBH, looking at eslint docs it wasnt super clear to me. Any help (even if just a detailed new issue filed here) would be very useful! :)