Closed lutostag closed 7 years ago
This repo's master is currently unstable. You can use a previously released version from NPM in the meantime: https://www.npmjs.com/package/eslint-plugin-no-unsafe-innerhtml
(https://www.npmjs.com/package/escape-html-template-tag looks neat! Thanks!)
I added some of this to my latest pr for the version bump. I don't know if standard provides ways to customise rules or even use defaults/configs. Testing needed.
By default you need to enable both method and property rule for this to work.
However we will provide defaults so you can do:
{
plugins: ["no-unsanitized"],
extends: ["plugin:no-unsanitized/DOM"]
}
@lutostag Your bug should be fixed when you pull the latest changes. Can you confirm?
If there were documentation on how to call it, that would be helpful. I can't get no-unsanitized to warn when it should, even when I intentionally do not escape. Any idea what I am doing wrong?
As an aside, here is a first stab at some documentation you might include in the README:
Install
With yarn or npm:
Usage
With eslint -- enable the plugin in eslint.rc file by adding it to the plugins section:
(Or any other method in eslint's docs)
With standard:
(Or any other method in standardjs' docs)
A sanitizer you might find useful: https://www.npmjs.com/package/escape-html-template-tag