mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and the like
Mozilla Public License 2.0

fix `(a.b = c)(d);` parsing #206

Closed. WofWca closed this 1 year ago

WofWca commented 2 years ago

Not sure how to fix this though

https://github.com/mozilla/eslint-plugin-no-unsanitized/blob/8dae8ae6db66a3ea91b5d2d9469f8e78666ee2fb/lib/rules/method.js#L71-L76

My guess is that "Identifier" should be handled differently from "MemberExpression" (maybe we're supposed to just break; on it?)

Feel free to fix it yourself.

Related (see code): #115

mozfreddyb commented 2 years ago

Thank you for providing this draft. I'd prefer we let this PR sit until #115 is properly fixed.

WofWca commented 2 years ago

Perhaps I wasn't clear. Parsing fails for (a.b = c)(d);. I think the invalid part of this commit can be split to be later added with #115 if you don't want to put commented-out code in the code base.

mozfreddyb commented 2 years ago

Sorry. I misunderstood your pull request. If I understand the code correctly (a.b = c)(d) will always end up as c(d). So creating a mock/fake CallExpression similar to the other "fake expressions" we create would be the ideal outcome here.

Do you think you want to take a look at that?
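The observation above is the whole fix in miniature: a CallExpression whose callee is an AssignmentExpression invokes the assignment's value, so the rule has to look at `.right` rather than at `a.b`. The following is an added illustration, not code from eslint-plugin-no-unsanitized, of a callee-normalisation step of that shape run over hand-built ESTree nodes. The sink list (`UNSAFE_METHODS`), the builder helpers, the "string literal means safe" simplification and the fixture programs are all assumptions made here so the example runs offline without a parser.

```javascript
// Added example (not the plugin's own code): normalise an ESTree CallExpression
// callee before checking it against a list of unsafe DOM sinks. All ASTs below
// are constructed by hand in ESTree shape; nothing here comes from a parser.

// Assumed sink list for illustration only; the real plugin's config is richer.
const UNSAFE_METHODS = new Set(["insertAdjacentHTML", "write", "writeln"]);

// Minimal ESTree node builders (constructed fixtures, not parser output).
const id = (name) => ({ type: "Identifier", name });
const lit = (value) => ({ type: "Literal", value });
const member = (object, property) => ({ type: "MemberExpression", object, property, computed: false });
const assign = (left, right) => ({ type: "AssignmentExpression", operator: "=", left, right });
const seq = (...expressions) => ({ type: "SequenceExpression", expressions });
const call = (callee, args) => ({ type: "CallExpression", callee, arguments: args });
const stmt = (expression) => ({ type: "ExpressionStatement", expression });
const program = (...body) => ({ type: "Program", body });

// Resolve what a callee evaluates to at runtime. `(a.b = c)(d)` calls `c` and
// `(a, b)(d)` calls `b`, so the sink check must run on the resolved expression,
// never on the assignment's left-hand side.
function resolveCallee(callee) {
  switch (callee.type) {
    case "AssignmentExpression":
      // Only plain `=` yields its right-hand side; `+=` etc. yield a computed value.
      return callee.operator === "=" ? resolveCallee(callee.right) : callee;
    case "SequenceExpression":
      return resolveCallee(callee.expressions[callee.expressions.length - 1]);
    case "ChainExpression":
      return resolveCallee(callee.expression);
    default:
      return callee;
  }
}

// Property name of `obj.prop` or `obj["prop"]`; null for anything else.
function memberName(node) {
  if (node.type !== "MemberExpression") return null;
  if (node.computed) {
    return node.property.type === "Literal" && typeof node.property.value === "string"
      ? node.property.value : null;
  }
  return node.property.type === "Identifier" ? node.property.name : null;
}

// Assumed simplification: only string literals are treated as safe. The real
// rule also accepts sanitizer calls and interpolation-free template literals.
function isSafeArgument(arg) {
  return arg.type === "Literal" && typeof arg.value === "string";
}

function checkCall(node, reports) {
  const name = memberName(resolveCallee(node.callee));
  if (name === null || !UNSAFE_METHODS.has(name)) return;
  // insertAdjacentHTML(position, html): only the second argument carries markup.
  const htmlArgs = name === "insertAdjacentHTML" ? node.arguments.slice(1) : node.arguments;
  if (htmlArgs.some((a) => !isSafeArgument(a))) reports.push(`unsafe call to ${name}`);
}

// Depth-first walk over ESTree nodes; visits nested callees too.
function walk(node, visit) {
  if (!node || typeof node.type !== "string") return;
  visit(node);
  for (const child of Object.values(node)) {
    if (Array.isArray(child)) child.forEach((c) => walk(c, visit));
    else if (child && typeof child.type === "string") walk(child, visit);
  }
}

function findUnsafeCalls(ast) {
  const reports = [];
  walk(ast, (n) => { if (n.type === "CallExpression") checkCall(n, reports); });
  return reports;
}

// Constructed fixtures, equivalent to:
//   el.insertAdjacentHTML("beforeend", userInput);   -> reported
//   el.insertAdjacentHTML("beforeend", "<b>x</b>"); -> clean
//   (a.b = c)(d);                                   -> resolves to c(d): clean, no crash
//   (x = doc.write)(userInput);                     -> resolves to doc.write: reported
//   (0, el.insertAdjacentHTML)("beforeend", html);  -> resolves via sequence: reported
const FIXTURES = {
  tainted: program(stmt(call(member(id("el"), id("insertAdjacentHTML")), [lit("beforeend"), id("userInput")]))),
  literal: program(stmt(call(member(id("el"), id("insertAdjacentHTML")), [lit("beforeend"), lit("<b>x</b>")]))),
  assignedCallee: program(stmt(call(assign(member(id("a"), id("b")), id("c")), [id("d")]))),
  assignedSink: program(stmt(call(assign(id("x"), member(id("doc"), id("write"))), [id("userInput")]))),
  sequenceSink: program(stmt(call(seq(lit(0), member(id("el"), id("insertAdjacentHTML"))), [lit("beforeend"), id("html")]))),
};
```

The `assignedCallee` fixture is the exact shape from this PR: with the normalisation in place the rule neither throws on the AssignmentExpression nor mistakes `a.b` for the thing being called. The `assignedSink` and `sequenceSink` fixtures show why resolving (rather than simply skipping) the node matters: the real sink is still reachable through the assignment or comma expression.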

WofWca commented 2 years ago

You must be talking about this: https://github.com/mozilla/eslint-plugin-no-unsanitized/blob/ded7cb38a6f9a29197d224c69e6d15d803cd8245/lib/rules/method.js#L96

I'll give it a try.

WofWca commented 2 years ago

I've pushed the change, but I don't really know what I'm doing so take it with a spoon of salt. I don't quite understand why this was only done for "MemberExpression" #127

https://github.com/mozilla/eslint-plugin-no-unsanitized/pull/206/files#diff-4d3d86928cc17023d9200cc9b7fe2a1161127a42b70b6b33fcac8d6d3b7a1cc1L103

mozfreddyb commented 1 year ago

I think this might be fixed with #207. Can you test the latest main branch, @WofWca? If it does, we can put this into a new release.

WofWca commented 1 year ago

Yes, (a.b = c)(d); passes as valid.