New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[New] jsx-no-target-blank
: Add warnOnSpreadAttributes
option
#2855
[New] jsx-no-target-blank
: Add warnOnSpreadAttributes
option
#2855
Conversation
Defaults to `false`. When set to `true`, treats spread attributes as dangerous unless explicitly overriden. e.g. the following is safe: <a {...dangerousObject} rel="noreferrer" target="_blank"></a> This change also extends target="_blank" detection to include conditional expressions whose alternate or consequent is the "_blank" string (case-insensitive). Fixes #2827
cc @ljharb |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM pending comment.
I've changed the option name to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall
lib/rules/jsx-no-target-blank.js
Outdated
} | ||
} | ||
return false; | ||
})(node.attributes[targetIndex]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this IIFE is a bit weird here. can it be refactored?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, yes maybe it's a bit too terse. I will break out the function, which might also make this a little faster since the rule won't have to recreate the function.
lib/rules/jsx-no-target-blank.js
Outdated
&& relAttribute.value.expression | ||
&& relAttribute.value.expression.value | ||
)); | ||
const tags = value && value.toLowerCase && value.toLowerCase().split(' '); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const tags = value && value.toLowerCase && value.toLowerCase().split(' '); | |
const tags = value && typeof value === 'string' && value.toLowerCase().split(' '); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had left this as is since it was carried over from the previous change, but I like this more explicit check as well.
This is ready for review again. |
jsx-no-target-blank
: Add warnOnSpreadAttributes
option
Any chance this could be enabled by default or added to the recommended preset in the next major release? We're using the recommended preset, and that would save an override of the preset with this rule simply to enable this option 🙏 |
In the next major release, yes (along with many other changes), because it’d be a breaking change - but there’s no major releases planned any time soon. |
Resolves #2827
I've changed the rule to warn on the
JSXOpeningElement
instead of a specific attribute. There is a technical reason and an architectural reason:trustSpreadAttributes
, we could end up with multiple warnings for the same problem e.g. once on atarget="_blank"
attribute and once on{...myUnsafeObject}
spread attributeCommit message