Migration to a new repo

[jonathanKingston]

Proposal

• [x] Move this repo under https://github.com/mozilla/
• [x] Make breaking changes to splitting properties, rules and config changes before submission
  • [x] Create rules for each type: no-unsanitized/property, no-unsanitized/method, no-unsanitized/jsx
• [x] Rename to be not specific about innerHTML. Proposed name: "eslint-plugin-no-unsanitized"

Justification

• Moving under a Mozilla namespace will gain recognition and maintainers
• Moving names solves ambiguity issues
• Allows us to expand beyond DOM sanitization, configurability would allow SVG, React, Glimmer etc level escaping specific to a framework
• Solves configuration bloat which would get developers linting incorrectly or choosing to disable a rule on an existing repo (https://github.com/mozfreddyb/eslint-plugin-no-unsafe-innerhtml/issues/29)
• Allows other expansion for anything regarding catching sanitisation under other rules, for example
  • This also allows me to shut off this plugin to consolidate users, contributors etc
• Keeping all three proposed subrules under the same plugin means the code can share a lot of the same checks (which it currently does)
• no-unsanitized
  • matches the no prefix used by native rules: http://eslint.org/docs/rules/
  • unsanitized because native methods use en-us
  • Isn't specific to DOM

Further tasks

• [x] Provide migration advice on this repo of how to configure using the exact same setup as this currently does.
• [x] Publish npm
• [ ] Alert all dependencies tracked on npm
• [x] Inform 18f of the move
• [x] Ask this author for an update too
• [ ] Write a hacks post about the changes
• [x] Migrate outstanding issues over

CC other parties involved in this plugin: @EnTeQuAk, @KevinGrandon, @LockeLamora, @marumari

I'm willing to do all of this in my own time, the only change I can't make is creating the repo on Mozilla org with the right permissions for maintainers etc.

[mozfreddyb]

CCing again. April is no longer @marumari, she's @april now

[mozfreddyb]

Sorry to keep you waiting on a reply. I'm in. Let's do this 👍

[muffinresearch]

@jonathanKingston hi - are there any blockers to publishing this on npm?

[mozfreddyb]

it's not completely done, but yes. we should make a release :) on it!

[mozfreddyb]

published as 2.0, @muffinresearch

[mozfreddyb]

Proposal

• [ ] Alert all dependencies tracked on npm
• [ ] Write a hacks post about the changes

Uh oh :roll_eyes: . I shall add this to my Q4 plans.

[mozfreddyb]

I marked the old package as deprecated. It did not have a lot of downloads anyway. https://www.npmjs.com/package/eslint-plugin-no-unsafe-innerhtml