wikimedia / eslint-plugin-no-jquery

Control allowance of certain jQuery functions, and suggest or autofix alternatives.
MIT License

New rule: `no-append-html` #284

Closed edg2s closed 2 years ago

edg2s commented 2 years ago

This rule disallows appending anything that isn't a jQuery collection, to guard against possible XSS.

edg2s commented 2 years ago

WIP, needs some real-world testing

codecov[bot] commented 2 years ago

Codecov Report

Merging #284 (9ebbd9a) into master (9b87d5b) will not change coverage. The diff coverage is 100.00%.

:exclamation: Current head 9ebbd9a differs from pull request most recent head c6273c8. Consider uploading reports for the commit c6273c8 to get more accurate results

@@            Coverage Diff            @@
##            master      #284   +/-   ##
=========================================
Coverage   100.00%   100.00%           
=========================================
Files          101       102    +1     
Lines          583       600   +17     
=========================================
+ Hits           583       600   +17     

| Impacted Files | Coverage Δ |
| --- | --- |
| src/index.js | 100.00% <ø> (ø) |
| src/rules/no-append-html.js | 100.00% <100.00%> (ø) |

jdforrester commented 2 years ago

How did the real-world testing work out?

edg2s commented 2 years ago

Quite well - need to cover other methods that use the domManip function in jQuery: before/after/replaceWith
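
A sketch of the kind of check discussed in this thread, added here as an illustration; it is not the plugin's code or the contents of this pull request. The function names, the `$`-prefix naming heuristic and the hand-built ESTree nodes are assumptions made for the example, and chained calls are deliberately not treated as collections because their return type cannot be known from syntax alone.

```javascript
// Added example, not the plugin's implementation.
// Methods named in the thread: append, plus before/after/replaceWith.
const DOM_MANIP_METHODS = new Set(['append', 'before', 'after', 'replaceWith']);

// Assumption: names starting with "$" hold jQuery collections.
function isCollection(node) {
  switch (node.type) {
    case 'Identifier':
      return /^\$./.test(node.name); // $item, but not a bare "$"
    case 'MemberExpression':
      return !node.computed && /^\$./.test(node.property.name); // this.$el
    case 'CallExpression': // $( ... ) or jQuery( ... )
      return node.callee.type === 'Identifier' &&
        (node.callee.name === '$' || node.callee.name === 'jQuery');
    default:
      return false; // strings, concatenations, templates, plain variables
  }
}

// Returns one message per argument that is not evidently a jQuery collection.
function checkCall(node) {
  const callee = node.callee;
  if (node.type !== 'CallExpression' || callee.type !== 'MemberExpression' || callee.computed) return [];
  // Skip unrelated APIs such as FormData#append: the receiver must look like jQuery.
  if (!DOM_MANIP_METHODS.has(callee.property.name) || !isCollection(callee.object)) return [];
  return node.arguments
    .filter((arg) => !isCollection(arg))
    .map((arg) => `.${callee.property.name}() argument is not a jQuery collection (${arg.type})`);
}

// Constructed ESTree nodes standing in for parsed source.
const id = (name) => ({ type: 'Identifier', name });
const str = (value) => ({ type: 'Literal', value });
const member = (object, prop) => ({ type: 'MemberExpression', object, property: id(prop), computed: false });
const call = (callee, ...args) => ({ type: 'CallExpression', callee, arguments: args });
const concat = (left, right) => ({ type: 'BinaryExpression', operator: '+', left, right });

const samples = {
  "$list.append('<li>' + name)": call(member(id('$list'), 'append'), concat(str('<li>'), id('name'))),
  '$list.append($item)': call(member(id('$list'), 'append'), id('$item')),
  "$list.after($('<hr>'), html)": call(member(id('$list'), 'after'), call(id('$'), str('<hr>')), id('html')),
  "formData.append('key', value)": call(member(id('formData'), 'append'), str('key'), id('value')),
  'this.$el.replaceWith(markup)': call(member(member({ type: 'ThisExpression' }, '$el'), 'replaceWith'), id('markup')),
};

for (const [source, node] of Object.entries(samples)) {
  console.log(source, '->', checkCall(node));
}
```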