Home Verkennen Help
Inloggen
makenotabuggreatagain
/
eslint-plugin-react
Volgen 0
Ster 0
Vork 0
Bestanden Kwesties 0 Pull-aanvragen 0 Wiki
Aftakking: master
Aftakkingen Labels
eslint-plugi...
/
lib
/
rules
/
jsx-no-target-blank.js

jsx-no-target-blank.js 2.3 KB
Permalink Geschiedenis Ruwe

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. /**
    2. 

  2.  * @fileoverview Forbid target='_blank' attribute
    3. 

  3.  * @author Kevin Miller
    4. 

  4.  */
    5. 

  5. 'use strict';
    6. 

  6. 

  7. const docsUrl = require('../util/docsUrl');
    8. 

  8. 

  9. // ------------------------------------------------------------------------------
    10. 

  10. // Rule Definition
    11. 

  11. // ------------------------------------------------------------------------------
    12. 

  12. 

  13. function isTargetBlank(attr) {
    14. 

  14.   return attr.name.name === 'target' &&
    15. 

  15.     attr.value.type === 'Literal' &&
    16. 

  16.     attr.value.value.toLowerCase() === '_blank';
    17. 

  17. }
    18. 

  18. 

  19. function hasExternalLink(element) {
    20. 

  20.   return element.attributes.some(attr => attr.name &&
    21. 

  21.       attr.name.name === 'href' &&
    22. 

  22.       attr.value.type === 'Literal' &&
    23. 

  23.       /^(?:\w+:|\/\/)/.test(attr.value.value));
    24. 

  24. }
    25. 

  25. 

  26. function hasDynamicLink(element) {
    27. 

  27.   return element.attributes.some(attr => attr.name &&
    28. 

  28.     attr.name.name === 'href' &&
    29. 

  29.     attr.value.type === 'JSXExpressionContainer');
    30. 

  30. }
    31. 

  31. 

  32. function hasSecureRel(element) {
    33. 

  33.   return element.attributes.find(attr => {
    34. 

  34.     if (attr.type === 'JSXAttribute' && attr.name.name === 'rel') {
    35. 

  35.       const tags = attr.value && attr.value.type === 'Literal' && attr.value.value.toLowerCase().split(' ');
    36. 

  36.       return tags && (tags.indexOf('noopener') >= 0 && tags.indexOf('noreferrer') >= 0);
    37. 

  37.     }
    38. 

  38.     return false;
    39. 

  39.   });
    40. 

  40. }
    41. 

  41. 

  42. module.exports = {
    43. 

  43.   meta: {
    44. 

  44.     docs: {
    45. 

  45.       description: 'Forbid target="_blank" attribute without rel="noopener noreferrer"',
    46. 

  46.       category: 'Best Practices',
    47. 

  47.       recommended: true,
    48. 

  48.       url: docsUrl('jsx-no-target-blank')
    49. 

  49.     },
    50. 

  50.     schema: [{
    51. 

  51.       type: 'object',
    52. 

  52.       properties: {
    53. 

  53.         enforceDynamicLinks: {
    54. 

  54.           enum: ['always', 'never']
    55. 

  55.         }
    56. 

  56.       },
    57. 

  57.       additionalProperties: false
    58. 

  58.     }]
    59. 

  59.   },
    60. 

  60. 

  61.   create: function(context) {
    62. 

  62.     const configuration = context.options[0] || {};
    63. 

  63.     const enforceDynamicLinks = configuration.enforceDynamicLinks || 'always';
    64. 

  64. 

  65.     return {
    66. 

  66.       JSXAttribute: function(node) {
    67. 

  67.         if (node.parent.name.name !== 'a' || !isTargetBlank(node) || hasSecureRel(node.parent)) {
    68. 

  68.           return;
    69. 

  69.         }
    70. 

  70. 

  71.         if (hasExternalLink(node.parent) || (enforceDynamicLinks === 'always' && hasDynamicLink(node.parent))) {
    72. 

  72.           context.report(node, 'Using target="_blank" without rel="noopener noreferrer" ' +
    73. 

  73.           'is a security risk: see https://mathiasbynens.github.io/rel-noopener');
    74. 

  74.         }
    75. 

  75.       }
    76. 

  76.     };
    77. 

  77.   }
    78. 

  78. };
    79. 

  79.