-
-
Notifications
You must be signed in to change notification settings - Fork 2.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new dom-elements-no-danger-with-children rule (Fixes #710)
Prevents dangerouslySetInnerHTML and children from being used at the same time
- Loading branch information
1 parent
b164805
commit 5fbee0c
Showing
5 changed files
with
275 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Prevent problem with children and props.dangerouslySetInnerHTML (no-danger-with-children) | ||
|
||
This rule helps prevent problems caused by using children and the dangerouslySetInnerHTML prop at the same time. | ||
React will throw a warning if this rule is ignored. | ||
|
||
## Rule Details | ||
|
||
The following patterns are considered warnings: | ||
|
||
```jsx | ||
<div dangerouslySetInnerHTML={{ __html: "HTML" }}> | ||
Children | ||
</div> | ||
|
||
<Hello dangerouslySetInnerHTML={{ __html: "HTML" }}> | ||
Children | ||
</Hello> | ||
|
||
``` | ||
|
||
```js | ||
React.createElement("div", { dangerouslySetInnerHTML: { __html: "HTML" } }, "Children"); | ||
|
||
React.createElement("Hello", { dangerouslySetInnerHTML: { __html: "HTML" } }, "Children"); | ||
``` | ||
|
||
The following patterns are not considered warnings: | ||
|
||
```jsx | ||
<div dangerouslySetInnerHTML={{ __html: "HTML" }} /> | ||
|
||
<Hello dangerouslySetInnerHTML={{ __html: "HTML" }} /> | ||
|
||
<div> | ||
Children | ||
</div> | ||
|
||
<Hello> | ||
Children | ||
</Hello> | ||
|
||
``` | ||
|
||
```js | ||
React.createElement("div", { dangerouslySetInnerHTML: { __html: "HTML" } }); | ||
|
||
React.createElement("Hello", { dangerouslySetInnerHTML: { __html: "HTML" } }); | ||
|
||
React.createElement("div", {}, "Children"); | ||
|
||
React.createElement("Hello", {}, "Children"); | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
/** | ||
* @fileoverview Report when a DOM element is using both children and dangerouslySetInnerHTML | ||
* @author David Petersen | ||
*/ | ||
'use strict'; | ||
|
||
// ------------------------------------------------------------------------------ | ||
// Rule Definition | ||
// ------------------------------------------------------------------------------ | ||
module.exports = { | ||
meta: { | ||
docs: { | ||
description: 'Report when a DOM element is using both children and dangerouslySetInnerHTML', | ||
category: '', | ||
recommended: false | ||
}, | ||
schema: [] // no options | ||
}, | ||
create: function(context) { | ||
return { | ||
JSXElement: function (node) { | ||
var hasChildren = false; | ||
var attributes = node.openingElement.attributes; | ||
|
||
if (node.children.length) { | ||
hasChildren = true; | ||
} else { | ||
var childrenProp = attributes.find(function (attribute) { | ||
return attribute.name.name === 'children'; | ||
}); | ||
if (childrenProp) { | ||
hasChildren = true; | ||
} | ||
} | ||
|
||
if (attributes && hasChildren) { | ||
var jsxElement = attributes.find(function (attribute) { | ||
return attribute.name.name === 'dangerouslySetInnerHTML'; | ||
}); | ||
|
||
|
||
if (jsxElement) { | ||
context.report(node, 'Only set one of `children` or `props.dangerouslySetInnerHTML`'); | ||
} | ||
} | ||
}, | ||
CallExpression: function (node) { | ||
if ( | ||
node.callee | ||
&& node.callee.type === 'MemberExpression' | ||
&& node.callee.property.name === 'createElement' | ||
&& node.arguments.length > 1 | ||
) { | ||
var hasChildren = false; | ||
|
||
var props = node.arguments[1].properties; | ||
var dangerously = props.find(function(prop) { | ||
return prop.key.name === 'dangerouslySetInnerHTML'; | ||
}); | ||
|
||
|
||
if (node.arguments.length === 2) { | ||
var childrenProp = props.find(function(prop) { | ||
return prop.key.name === 'children'; | ||
}); | ||
if (childrenProp) { | ||
hasChildren = true; | ||
} | ||
} else { | ||
hasChildren = true; | ||
} | ||
|
||
if (dangerously && hasChildren) { | ||
context.report(node, 'Only set one of `children` or `props.dangerouslySetInnerHTML`'); | ||
} | ||
} | ||
} | ||
}; | ||
} | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
/** | ||
* @fileoverview Report when a DOM element is using both children and dangerouslySetInnerHTML | ||
* @author David Petersen | ||
*/ | ||
'use strict'; | ||
|
||
// ------------------------------------------------------------------------------ | ||
// Requirements | ||
// ------------------------------------------------------------------------------ | ||
|
||
var rule = require('../../../lib/rules/no-danger-with-children'); | ||
var RuleTester = require('eslint').RuleTester; | ||
|
||
var parserOptions = { | ||
ecmaVersion: 6, | ||
ecmaFeatures: { | ||
jsx: true | ||
} | ||
}; | ||
|
||
// ------------------------------------------------------------------------------ | ||
// Tests | ||
// ------------------------------------------------------------------------------ | ||
|
||
var ruleTester = new RuleTester(); | ||
ruleTester.run('no-danger-with-children', rule, { | ||
valid: [ | ||
{ | ||
code: '<div>Children</div>', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: '<div dangerouslySetInnerHTML={{ __html: "HTML" }} />', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: '<Hello>Children</Hello>', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: '<Hello dangerouslySetInnerHTML={{ __html: "HTML" }} />', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: 'React.createElement("div", { dangerouslySetInnerHTML: { __html: "HTML" } });', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: 'React.createElement("div", {}, "Children");', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: 'React.createElement("Hello", { dangerouslySetInnerHTML: { __html: "HTML" } });', | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: 'React.createElement("Hello", {}, "Children");', | ||
parserOptions: parserOptions | ||
} | ||
], | ||
invalid: [ | ||
{ | ||
code: [ | ||
'<div dangerouslySetInnerHTML={{ __html: "HTML" }}>', | ||
' Children', | ||
'</div>' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: '<div dangerouslySetInnerHTML={{ __html: "HTML" }} children="Children" />', | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: [ | ||
'<Hello dangerouslySetInnerHTML={{ __html: "HTML" }}>', | ||
' Children', | ||
'</Hello>' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: '<Hello dangerouslySetInnerHTML={{ __html: "HTML" }} children="Children" />', | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: [ | ||
'React.createElement(', | ||
' "div",', | ||
' { dangerouslySetInnerHTML: { __html: "HTML" } },', | ||
' "Children"', | ||
');' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: [ | ||
'React.createElement(', | ||
' "div",', | ||
' {', | ||
' dangerouslySetInnerHTML: { __html: "HTML" },', | ||
' children: "Children",', | ||
' }', | ||
');' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: [ | ||
'React.createElement(', | ||
' "Hello",', | ||
' { dangerouslySetInnerHTML: { __html: "HTML" } },', | ||
' "Children"', | ||
');' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
}, | ||
{ | ||
code: [ | ||
'React.createElement(', | ||
' "Hello",', | ||
' {', | ||
' dangerouslySetInnerHTML: { __html: "HTML" },', | ||
' children: "Children",', | ||
' }', | ||
');' | ||
].join('\n'), | ||
errors: [{message: 'Only set one of `children` or `props.dangerouslySetInnerHTML`'}], | ||
parserOptions: parserOptions | ||
} | ||
] | ||
}); |