Open silverwind opened 6 months ago
Accepted
To reduce code churn, maybe it should have an option to limit it to attribute selectors as indicated by [
and ]
in the surrounding strings. Patterns like below are pretty common and not exactly a problem if the string contains only CSS-safe characters:
const className = 'foo';
document.querySelectorAll(`.${classname}`);
Description
CSS.escape should always be used when interpolating arbritrary variables into a CSS selector to ensure correct escaping.
Fail
Pass
Any tagged template should not trigger the rule: