eslint/lib/rules/no-script-url.js

   1 /**
   2  * @fileoverview Rule to flag when using javascript: urls
   3  * @author Ilya Volodin
   4  */
   5 /* eslint no-script-url: 0 -- Code is checking to report such URLs */
   6
   7 "use strict";
   8
   9 const astUtils = require("./utils/ast-utils");
  10
  11 //------------------------------------------------------------------------------
  12 // Rule Definition
  13 //------------------------------------------------------------------------------
  14
  15 module.exports = {
  16     meta: {
  17         type: "suggestion",
  18
  19         docs: {
  20             description: "disallow `javascript:` urls",
  21             recommended: false,
  22             url: "https://eslint.org/docs/rules/no-script-url"
  23         },
  24
  25         schema: [],
  26
  27         messages: {
  28             unexpectedScriptURL: "Script URL is a form of eval."
  29         }
  30     },
  31
  32     create(context) {
  33
  34         /**
  35          * Check whether a node's static value starts with "javascript:" or not.
  36          * And report an error for unexpected script URL.
  37          * @param {ASTNode} node node to check
  38          * @returns {void}
  39          */
  40         function check(node) {
  41             const value = astUtils.getStaticStringValue(node);
  42
  43             if (typeof value === "string" && value.toLowerCase().indexOf("javascript:") === 0) {
  44                 context.report({ node, messageId: "unexpectedScriptURL" });
  45             }
  46         }
  47         return {
  48             Literal(node) {
  49                 if (node.value && typeof node.value === "string") {
  50                     check(node);
  51                 }
  52             },
  53             TemplateLiteral(node) {
  54                 if (!(node.parent && node.parent.type === "TaggedTemplateExpression")) {
  55                     check(node);
  56                 }
  57             }
  58         };
  59     }
  60 };