From 597553d1307a6a2eb04c79d4a3b97431f977a8a0 Mon Sep 17 00:00:00 2001 From: akulsr0 Date: Mon, 6 May 2024 12:05:19 +0530 Subject: [PATCH] [New] `no-danger`: add `customComponentNames` option --- CHANGELOG.md | 6 ++- docs/rules/no-danger.md | 14 ++++++ lib/rules/no-danger.js | 24 +++++++++- tests/lib/rules/no-danger.js | 86 ++++++++++++++++++++++++++++++++++++ 4 files changed, 126 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4cd79ece1..57d22ee42c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,16 +13,18 @@ This change log adheres to standards from [Keep a CHANGELOG](https://keepachange * [`jsx-handler-names`]: support ignoring component names ([#3772][] @akulsr0) * version settings: Allow react defaultVersion to be configurable ([#3771][] @onlywei) * [`jsx-closing-tag-location`]: add `line-aligned` option ([#3777] @kimtaejin3) +* [`no-danger`]: add `customComponentNames` option ([#3748][] @akulsr0) ### Changed * [Refactor] `variableUtil`: Avoid creating a single flat variable scope for each lookup ([#3782][] @DanielRosenwasser) -e[#3782]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3782 +[#3782]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3782 [#3777]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3777 [#3774]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3774 [#3772]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3772 [#3771]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3771 [#3759]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3759 +[#3748]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3748 [#3724]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3724 [#3694]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3694 @@ -60,7 +62,7 @@ e[#3782]: https://github.com/jsx-eslint/eslint-plugin-react/pull/3782 ### Fixed * [`boolean-prop-naming`]: avoid a crash with a non-TSTypeReference type ([#3718][] @developer-bandi) -* [`jsx-no-leaked-render`]: invalid report if left side is boolean ([#3746][] @akulsr0) +* [`jsx-no-leaked-render`]: invalid report if left eside is boolean ([#3746][] @akulsr0) * [`jsx-closing-bracket-location`]: message shows `{{details}}` when there are no details ([#3759][] @mdjermanovic) * [`no-invalid-html-attribute`]: ensure error messages are correct ([#3759][] @mdjermanovic, @ljharb) diff --git a/docs/rules/no-danger.md b/docs/rules/no-danger.md index 417989e0b2..6ffe8b9a93 100644 --- a/docs/rules/no-danger.md +++ b/docs/rules/no-danger.md @@ -24,6 +24,20 @@ var React = require('react'); var Hello =
Hello World
; ``` +## Rule Options + +```js +... +"react/no-danger": [, { + "customComponentNames": Array, +}] +... +``` + +### customComponentNames + +Defaults to `[]`, if you want to enable this rule for all custom components you can pass `customComponentNames` as `['*']`, or else you can pass specific components name to the array. + ## When Not To Use It If you are certain the content passed to dangerouslySetInnerHTML is sanitized HTML you can disable this rule. diff --git a/lib/rules/no-danger.js b/lib/rules/no-danger.js index eecdd87e23..be5c961e61 100644 --- a/lib/rules/no-danger.js +++ b/lib/rules/no-danger.js @@ -7,6 +7,7 @@ const has = require('hasown'); const fromEntries = require('object.fromentries/polyfill')(); +const minimatch = require('minimatch'); const docsUrl = require('../util/docsUrl'); const jsxUtil = require('../util/jsx'); @@ -55,13 +56,32 @@ module.exports = { messages, - schema: [], + schema: [{ + type: 'object', + properties: { + customComponentNames: { + items: { + type: 'string', + }, + minItems: 0, + type: 'array', + uniqueItems: true, + }, + }, + }], }, create(context) { + const configuration = context.options[0] || {}; + const customComponentNames = configuration.customComponentNames || []; + return { JSXAttribute(node) { - if (jsxUtil.isDOMComponent(node.parent) && isDangerous(node.name.name)) { + const functionName = node.parent.name.name; + + const enableCheckingCustomComponent = customComponentNames.some((name) => minimatch(functionName, name)); + + if ((enableCheckingCustomComponent || jsxUtil.isDOMComponent(node.parent)) && isDangerous(node.name.name)) { report(context, messages.dangerousProp, 'dangerousProp', { node, data: { diff --git a/tests/lib/rules/no-danger.js b/tests/lib/rules/no-danger.js index 11618c77f7..e354ad28bd 100644 --- a/tests/lib/rules/no-danger.js +++ b/tests/lib/rules/no-danger.js @@ -32,6 +32,26 @@ ruleTester.run('no-danger', rule, { { code: ';' }, { code: ';' }, { code: '
;' }, + { + code: '
;', + options: [{ customComponentNames: ['*'] }], + }, + { + code: ` + function App() { + return hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['Home'] }], + }, + { + code: ` + function App() { + return <TextMUI dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['MUI*'] }], + }, ]), invalid: parsers.all([ { @@ -43,5 +63,71 @@ ruleTester.run('no-danger', rule, { }, ], }, + { + code: '<App dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />;', + options: [{ customComponentNames: ['*'] }], + errors: [ + { + messageId: 'dangerousProp', + data: { name: 'dangerouslySetInnerHTML' }, + }, + ], + }, + { + code: ` + function App() { + return <Title dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['Title'] }], + errors: [ + { + messageId: 'dangerousProp', + data: { name: 'dangerouslySetInnerHTML' }, + }, + ], + }, + { + code: ` + function App() { + return <TextFoo dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['*Foo'] }], + errors: [ + { + messageId: 'dangerousProp', + data: { name: 'dangerouslySetInnerHTML' }, + }, + ], + }, + { + code: ` + function App() { + return <FooText dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['Foo*'] }], + errors: [ + { + messageId: 'dangerousProp', + data: { name: 'dangerouslySetInnerHTML' }, + }, + ], + }, + { + code: ` + function App() { + return <TextMUI dangerouslySetInnerHTML={{ __html: "<span>hello</span>" }} />; + } + `, + options: [{ customComponentNames: ['*MUI'] }], + errors: [ + { + messageId: 'dangerousProp', + data: { name: 'dangerouslySetInnerHTML' }, + }, + ], + }, ]), });