From 6970b57faaae7f19e5436561a5ffd5dfca44b4ab Mon Sep 17 00:00:00 2001 From: yeonjuan Date: Tue, 20 Oct 2020 23:12:47 +0900 Subject: [PATCH 1/5] Fix: check template literal in no-script-url --- docs/rules/no-script-url.md | 2 ++ lib/rules/no-script-url.js | 28 +++++++++++++++++----------- tests/lib/rules/no-script-url.js | 17 ++++++++++++++++- 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/docs/rules/no-script-url.md b/docs/rules/no-script-url.md index 475959dacb1..5c71eb41327 100644 --- a/docs/rules/no-script-url.md +++ b/docs/rules/no-script-url.md @@ -10,6 +10,8 @@ Examples of **incorrect** code for this rule: /*eslint no-script-url: "error"*/ location.href = "javascript:void(0)"; + +location.href = `javascript:void(0)`; ``` ## Compatibility diff --git a/lib/rules/no-script-url.js b/lib/rules/no-script-url.js index 2078fc1dcea..81b0e93b013 100644 --- a/lib/rules/no-script-url.js +++ b/lib/rules/no-script-url.js @@ -7,6 +7,8 @@ "use strict"; +const astUtils = require("./utils/ast-utils"); + //------------------------------------------------------------------------------ // Rule Definition //------------------------------------------------------------------------------ @@ -31,18 +33,22 @@ module.exports = { create(context) { - return { - - Literal(node) { - if (node.value && typeof node.value === "string") { - const value = node.value.toLowerCase(); - - if (value.indexOf("javascript:") === 0) { - context.report({ node, messageId: "unexpectedScriptURL" }); - } - } + /** + * Check whether a node's static value starts with "javascript:" or not. + * And report an error for unexpected script URL. + * @param {ASTNode} node node to check + * @returns {void} + */ + function check(node) { + const value = astUtils.getStaticStringValue(node); + + if (typeof value === "string" && value.indexOf("javascript:") === 0) { + context.report({ node, messageId: "unexpectedScriptURL" }); } + } + return { + Literal: check, + TemplateLiteral: check }; - } }; diff --git a/tests/lib/rules/no-script-url.js b/tests/lib/rules/no-script-url.js index 6eca268ce8d..08155559e77 100644 --- a/tests/lib/rules/no-script-url.js +++ b/tests/lib/rules/no-script-url.js @@ -22,7 +22,15 @@ ruleTester.run("no-script-url", rule, { valid: [ "var a = 'Hello World!';", "var a = 10;", - "var url = 'xjavascript:'" + "var url = 'xjavascript:'", + { + code: "var url = `xjavascript:`", + parserOptions: { ecmaVersion: 6 } + }, + { + code: "var url = `${foo}javascript:`", + parserOptions: { ecmaVersion: 6 } + } ], invalid: [ { @@ -36,6 +44,13 @@ ruleTester.run("no-script-url", rule, { errors: [ { messageId: "unexpectedScriptURL", type: "Literal" } ] + }, + { + code: "var a = `javascript:`;", + parserOptions: { ecmaVersion: 6 }, + errors: [ + { messageId: "unexpectedScriptURL", type: "TemplateLiteral" } + ] } ] }); From 3830788db6f55ae955f6f1f9b7475d8a5b7238e3 Mon Sep 17 00:00:00 2001 From: yeonjuan Date: Wed, 21 Oct 2020 22:38:14 +0900 Subject: [PATCH 2/5] handle uppercase --- lib/rules/no-script-url.js | 2 +- tests/lib/rules/no-script-url.js | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/rules/no-script-url.js b/lib/rules/no-script-url.js index 81b0e93b013..c3fca7b05dc 100644 --- a/lib/rules/no-script-url.js +++ b/lib/rules/no-script-url.js @@ -42,7 +42,7 @@ module.exports = { function check(node) { const value = astUtils.getStaticStringValue(node); - if (typeof value === "string" && value.indexOf("javascript:") === 0) { + if (typeof value === "string" && value.toLocaleLowerCase().indexOf("javascript:") === 0) { context.report({ node, messageId: "unexpectedScriptURL" }); } } diff --git a/tests/lib/rules/no-script-url.js b/tests/lib/rules/no-script-url.js index 08155559e77..e894c56ae1e 100644 --- a/tests/lib/rules/no-script-url.js +++ b/tests/lib/rules/no-script-url.js @@ -51,6 +51,13 @@ ruleTester.run("no-script-url", rule, { errors: [ { messageId: "unexpectedScriptURL", type: "TemplateLiteral" } ] + }, + { + code: "var a = `JavaScript:`;", + parserOptions: { ecmaVersion: 6 }, + errors: [ + { messageId: "unexpectedScriptURL", type: "TemplateLiteral" } + ] } ] }); From 0dc7c7498d609e74516bf55328e421ad481c2d34 Mon Sep 17 00:00:00 2001 From: yeonjuan Date: Wed, 21 Oct 2020 22:47:39 +0900 Subject: [PATCH 3/5] handle tagged template literal --- lib/rules/no-script-url.js | 6 +++++- tests/lib/rules/no-script-url.js | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/rules/no-script-url.js b/lib/rules/no-script-url.js index c3fca7b05dc..e8682691b98 100644 --- a/lib/rules/no-script-url.js +++ b/lib/rules/no-script-url.js @@ -48,7 +48,11 @@ module.exports = { } return { Literal: check, - TemplateLiteral: check + TemplateLiteral(node) { + if (node.parent && node.parent.type !== "TaggedTemplateExpression") { + check(node); + } + } }; } }; diff --git a/tests/lib/rules/no-script-url.js b/tests/lib/rules/no-script-url.js index e894c56ae1e..8dd296161a8 100644 --- a/tests/lib/rules/no-script-url.js +++ b/tests/lib/rules/no-script-url.js @@ -30,6 +30,10 @@ ruleTester.run("no-script-url", rule, { { code: "var url = `${foo}javascript:`", parserOptions: { ecmaVersion: 6 } + }, + { + code: "var a = foo`javaScript:`;", + parserOptions: { ecmaVersion: 6 } } ], invalid: [ From 6d6ee78280f161387d89944c9b0db3e45ff0233d Mon Sep 17 00:00:00 2001 From: yeonjuan Date: Thu, 22 Oct 2020 12:22:17 +0900 Subject: [PATCH 4/5] change to toLowerCase --- lib/rules/no-script-url.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rules/no-script-url.js b/lib/rules/no-script-url.js index e8682691b98..01d40f23f4b 100644 --- a/lib/rules/no-script-url.js +++ b/lib/rules/no-script-url.js @@ -42,7 +42,7 @@ module.exports = { function check(node) { const value = astUtils.getStaticStringValue(node); - if (typeof value === "string" && value.toLocaleLowerCase().indexOf("javascript:") === 0) { + if (typeof value === "string" && value.toLowerCase().indexOf("javascript:") === 0) { context.report({ node, messageId: "unexpectedScriptURL" }); } } From 789b1ce69ae2c92ed1dbd5284d0c1c96aa637832 Mon Sep 17 00:00:00 2001 From: yeonjuan Date: Fri, 23 Oct 2020 11:38:11 +0900 Subject: [PATCH 5/5] check only string literal --- lib/rules/no-script-url.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/rules/no-script-url.js b/lib/rules/no-script-url.js index 01d40f23f4b..0c820524403 100644 --- a/lib/rules/no-script-url.js +++ b/lib/rules/no-script-url.js @@ -47,9 +47,13 @@ module.exports = { } } return { - Literal: check, + Literal(node) { + if (node.value && typeof node.value === "string") { + check(node); + } + }, TemplateLiteral(node) { - if (node.parent && node.parent.type !== "TaggedTemplateExpression") { + if (!(node.parent && node.parent.type === "TaggedTemplateExpression")) { check(node); } }