Skip to content

feat(linter): Implement react/iframe-missing-sandbox #6383

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DonIsaac merged 10 commits into from
Oct 10, 2024
Merged

feat(linter): Implement react/iframe-missing-sandbox #6383

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1cdc4ad
feat(linter): Implement iframe-missing-sandbox
radu2147 Oct 9, 2024
3f95f6c
Merge branch 'main' into feat/iframe-missing-sandbox
radu2147 Oct 9, 2024
c37aad9
Change rule category and remove fix option
radu2147 Oct 9, 2024
b2d99de
Move function outside impl
radu2147 Oct 9, 2024
b82aa68
Address comments
radu2147 Oct 9, 2024
7f50811
Improve help mesages
radu2147 Oct 10, 2024
1597bb1
Update crates/oxc_linter/src/rules/react/iframe_missing_sandbox.rs
DonIsaac Oct 10, 2024
ae49986
Update crates/oxc_linter/src/rules/react/iframe_missing_sandbox.rs
DonIsaac Oct 10, 2024
fd620c5
Update crates/oxc_linter/src/rules/react/iframe_missing_sandbox.rs
DonIsaac Oct 10, 2024
84d0da9
Merge branch 'main' into feat/iframe-missing-sandbox
DonIsaac Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Move function outside impl
  • Loading branch information
@radu2147
radu2147 committed Oct 9, 2024
commit b2d99de505b965cf0e3a1a1b334e28b34ba9d2db
93 changes: 44 additions & 49 deletions crates/oxc_linter/src/rules/react/iframe_missing_sandbox.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ use oxc_ast::AstKind;
use oxc_diagnostics::OxcDiagnostic;
use oxc_macros::declare_oxc_lint;
use oxc_span::Span;
use phf::{phf_set, Set};

use crate::utils::{get_prop_value, has_jsx_prop_ignore_case, is_create_element_call};
use crate::{context::LintContext, rule::Rule, AstNode};
Expand All @@ -27,6 +28,24 @@ fn invalid_sandbox_combination_prop(span: Span) -> OxcDiagnostic {
.with_label(span)
}

const ALLOWED_VALUES: Set<&'static str> = phf_set! {
"",
"allow-downloads-without-user-activation",
"allow-downloads",
"allow-forms",
"allow-modals",
"allow-orientation-lock",
"allow-pointer-lock",
"allow-popups",
"allow-popups-to-escape-sandbox",
"allow-presentation",
"allow-same-origin",
"allow-scripts",
"allow-storage-access-by-user-activation",
"allow-top-navigation",
"allow-top-navigation-by-user-activation"
};

#[derive(Debug, Default, Clone)]
pub struct IframeMissingSandbox;

Expand Down Expand Up @@ -74,7 +93,7 @@ impl Rule for IframeMissingSandbox {
ctx.diagnostic(missing_sandbox_prop(identifier.span));
},
|sandbox_prop| {
self.validate_sandbox_attribute(sandbox_prop, ctx);
validate_sandbox_attribute(sandbox_prop, ctx);
},
);
}
Expand Down Expand Up @@ -106,7 +125,7 @@ impl Rule for IframeMissingSandbox {
ctx.diagnostic(missing_sandbox_prop(obj_expr.span));
},
|sandbox_prop| {
self.validate_sandbox_property(sandbox_prop, ctx);
validate_sandbox_property(sandbox_prop, ctx);
},
);
} else {
Expand All @@ -118,58 +137,34 @@ impl Rule for IframeMissingSandbox {
}
}
}

impl IframeMissingSandbox {
#[allow(clippy::unused_self)]
fn get_allowed_values(&self) -> Vec<&str> {
vec![
"",
"allow-downloads-without-user-activation",
"allow-downloads",
"allow-forms",
"allow-modals",
"allow-orientation-lock",
"allow-pointer-lock",
"allow-popups",
"allow-popups-to-escape-sandbox",
"allow-presentation",
"allow-same-origin",
"allow-scripts",
"allow-storage-access-by-user-activation",
"allow-top-navigation",
"allow-top-navigation-by-user-activation",
]
}

fn validate_sandbox_value(&self, literal: &StringLiteral, ctx: &LintContext) {
let attrs = literal.value.as_str().split(' ').collect::<Vec<&str>>();
let mut allow_same_origin = false;
let mut allow_scripts = false;
for trimmed_atr in attrs.into_iter().map(str::trim) {
if !self.get_allowed_values().contains(&trimmed_atr) {
ctx.diagnostic(invalid_sandbox_prop(literal.span, trimmed_atr));
}
if trimmed_atr == "allow-scripts" {
allow_scripts = true;
}
if trimmed_atr == "allow-same-origin" {
allow_same_origin = true;
}
fn validate_sandbox_value(literal: &StringLiteral, ctx: &LintContext) {
let attrs = literal.value.as_str().split(' ').collect::<Vec<&str>>();
let mut allow_same_origin = false;
let mut allow_scripts = false;
for trimmed_atr in attrs.into_iter().map(str::trim) {
if !ALLOWED_VALUES.contains(trimmed_atr) {
ctx.diagnostic(invalid_sandbox_prop(literal.span, trimmed_atr));
}
if trimmed_atr == "allow-scripts" {
allow_scripts = true;
}
if allow_scripts && allow_same_origin {
ctx.diagnostic(invalid_sandbox_combination_prop(literal.span));
if trimmed_atr == "allow-same-origin" {
allow_same_origin = true;
}
}
if allow_scripts && allow_same_origin {
ctx.diagnostic(invalid_sandbox_combination_prop(literal.span));
}
}

fn validate_sandbox_property(&self, object_property: &ObjectProperty, ctx: &LintContext) {
if let Expression::StringLiteral(str) = object_property.value.without_parentheses() {
self.validate_sandbox_value(str, ctx);
}
fn validate_sandbox_property(object_property: &ObjectProperty, ctx: &LintContext) {
if let Expression::StringLiteral(str) = object_property.value.without_parentheses() {
validate_sandbox_value(str, ctx);
}
fn validate_sandbox_attribute(&self, jsx_el: &JSXAttributeItem, ctx: &LintContext) {
if let Some(JSXAttributeValue::StringLiteral(str)) = get_prop_value(jsx_el) {
self.validate_sandbox_value(str, ctx);
}
}
fn validate_sandbox_attribute(jsx_el: &JSXAttributeItem, ctx: &LintContext) {
if let Some(JSXAttributeValue::StringLiteral(str)) = get_prop_value(jsx_el) {
validate_sandbox_value(str, ctx);
}
}

Expand Down