1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| /**
| * @fileoverview Restrict or warn use of v-html to prevent XSS attack
| * @author Nathan Zeplowitz
| */
| 'use strict'
| const utils = require('../utils')
|
| // ------------------------------------------------------------------------------
| // Rule Definition
| // ------------------------------------------------------------------------------
|
| module.exports = {
| meta: {
| type: 'suggestion',
| docs: {
| description: 'disallow use of v-html to prevent XSS attack',
| category: 'recommended',
| url: 'https://eslint.vuejs.org/rules/no-v-html.html'
| },
| fixable: null,
| schema: []
| },
| create (context) {
| return utils.defineTemplateBodyVisitor(context, {
| "VAttribute[directive=true][key.name.name='html']" (node) {
| context.report({
| node,
| loc: node.loc,
| message: "'v-html' directive can lead to XSS attack."
| })
| }
| })
| }
| }
|
|
