no-script-url.js 1.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. /**
  2. * @fileoverview Rule to flag when using javascript: urls
  3. * @author Ilya Volodin
  4. */
  5. /* jshint scripturl: true */
  6. /* eslint no-script-url: 0 */
  7. "use strict";
  8. //------------------------------------------------------------------------------
  9. // Rule Definition
  10. //------------------------------------------------------------------------------
  11. module.exports = {
  12. meta: {
  13. type: "suggestion",
  14. docs: {
  15. description: "disallow `javascript:` urls",
  16. category: "Best Practices",
  17. recommended: false,
  18. url: "https://eslint.org/docs/rules/no-script-url"
  19. },
  20. schema: [],
  21. messages: {
  22. unexpectedScriptURL: "Script URL is a form of eval."
  23. }
  24. },
  25. create(context) {
  26. return {
  27. Literal(node) {
  28. if (node.value && typeof node.value === "string") {
  29. const value = node.value.toLowerCase();
  30. if (value.indexOf("javascript:") === 0) {
  31. context.report({ node, messageId: "unexpectedScriptURL" });
  32. }
  33. }
  34. }
  35. };
  36. }
  37. };