Coder Social home page Coder Social logo

Comments (6)

rszczypka avatar rszczypka commented on June 3, 2024 1

This works but only when done this way

"rules": {
"no-unsanitized/method": ["error", { "escape": { "methods": ["this.domSanitizer.sanitize"] } }],
"no-unsanitized/property": ["error", { "escape": { "methods": ["this.domSanitizer.sanitize"] } }],
}

from eslint-plugin-no-unsanitized.

mozfreddyb avatar mozfreddyb commented on June 3, 2024

We allow custom sanitizers through configurations.
See this testcase to check that users can allow DOMPurify:

eslint-plugin-no-unsanitized/tests/rules/property.js

Lines 154 to 164 in d50ae4d

{ // issue 108: adding tests for custom escaper
code: "w.innerHTML = DOMPurify.sanitize('<em>${evil}</em>');",
parserOptions: { ecmaVersion: 6 },
options: [
{
escape: {
methods: ["DOMPurify.sanitize"]
}
}
]
},
(Added in #108).

Does that not work for you?

from eslint-plugin-no-unsanitized.

Abdullilah avatar Abdullilah commented on June 3, 2024

@mozfreddyb Thanks for your comment.

Could you please tell me how to add it exactly to the configuration?

I tried to add this line to the eslint rules:

"extends": ["plugin:no-unsanitized/DOM"],
"rules": {"no-unsanitized/method": ["error", { "escape": { "methods": ["DomSanitizer.sanitize"] } }]}

OR

"extends": ["plugin:no-unsanitized/DOM"],
"rules": {"no-unsanitized/method": ["error", { "escape": { "methods": ["DOMPurify.sanitize"] } }]}

but I am still getting the same eslint error:

Screen Shot 2022-06-01 at 12 25 34

from eslint-plugin-no-unsanitized.

mozfreddyb avatar mozfreddyb commented on June 3, 2024

In your example, you're modifying the options of the no-unsanitized/method, which protects you from calling methods (e.g., insertAdjacentHTML(), document.write(), ..).

You also need to do this for the no-unsanitized/property rule which protects properties (e.g., .innerHTML)

from eslint-plugin-no-unsanitized.

mozfreddyb avatar mozfreddyb commented on June 3, 2024

@Abdullilah Did you end up resolving your issue? I'm leaning towards closing this issue.

from eslint-plugin-no-unsanitized.

mozfreddyb avatar mozfreddyb commented on June 3, 2024

Looks like everything works as intended here. We can repurpose the issue, if someone wants to update the documentation though.

from eslint-plugin-no-unsanitized.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.