Closed nrutman closed 1 month ago
The customization / configuration should allow you to switch the current behavior. I believe our documentation in docs/rules/customization.md might not properly reflect that and might be outdated with the upcoming migration to eslint 9, but maybe this test case helps
Well sure. I can turn the defaults off, but then isn't that essentially the same as not including no-unsanitized/method?
I am wondering if I could redefine the default with a more strict regex. I'm trying something like this for the rule definition:
    'no-unsanitized/method': [
      'error',
      {
        escape: {
          methods: ['sanitizeHtml', 'useHtmlSanitizer'],
        },
      },
      {
        write: {
          objectMatches: ['^document$'],
          properties: [0],
        },
        writeln: {
          objectMatches: ['^document$'],
          properties: [0],
        },
      },
    ],
But now I can't get it to error on something like:
    document.write('foo');

Do you have any thoughts about how I can have it issue a lint error when matching the global document object but not on an object that simply has document in the name?
Looks like the instructions are a bit unclear, spelunking at the code around findings for the objectMatches stuff, it seems you may have to use \bdocument\b or such.
@nrutman Did that work for you?
@nrutman I'm going to close this and will be happy to re-open if this problem persists.
Unfortunately, I can't use the no-unsanitized/method rule because I have a custom object named controlListDocumentCache which has a write method.

When including no-unsanitized/method I get the following lint error:

It seems overly restrictive that this lint rule would prevent any variable name with document in the name that implements a write() method. Could we more strictly reference the global JS document object so it doesn't flag these custom variables/objects?
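
The patterns discussed in this thread, compared against a handful of object names. This is an added example, not part of the thread or the plugin's own code; it assumes each objectMatches entry is compiled as a case-insensitive regular expression and tested against the source text of the object the method is called on. The sample names and the globalsOnly pattern are constructed for illustration.

```javascript
// Assumption: the rule compiles each objectMatches string with the "i" flag
// and tests it against the source text of the callee object.
function objectMatches(patterns, objectSource) {
  return patterns.some((p) => new RegExp(p, 'i').test(objectSource));
}

// Constructed sample object expressions (not taken from a real code base).
const SAMPLES = [
  'document',
  'window.document',
  'controlListDocumentCache',
  'documentCache',
  '$document',
];

const PATTERNS = {
  // Unanchored: matches anywhere in the name, the false positive in the issue.
  substring: 'document',
  // The pattern tried in the thread: only the bare identifier.
  anchored: '^document$',
  // The suggestion from the thread. In a JS string literal the backslash
  // must be doubled, because '\b' on its own is a backspace character.
  wordBoundary: '\\bdocument\\b',
  // Hypothetical stricter variant: bare or reached through a global object.
  globalsOnly: '^(?:(?:window|self|globalThis)\\.)?document$',
};

// For every pattern, list the sample names it would select for checking.
function compare() {
  const table = {};
  for (const [name, pattern] of Object.entries(PATTERNS)) {
    table[name] = SAMPLES.filter((s) => objectMatches([pattern], s));
  }
  return table;
}

// Note that "$" is not a word character, so \b still selects "$document".
for (const [name, hits] of Object.entries(compare())) {
  console.log(name.padEnd(13), hits.join(', '));
}
```

A pattern that selects an object only decides whether the call is inspected at all, so the narrower the pattern, the more aliases of the real document object go unchecked.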