xiaoz
/
vue-hello
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
vue hello world项目
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
23 MiB
Tree: db49ff5e85
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'db49ff5e85'
${ noResults }
vue-hello/node_modules/eslint-plugin-vue/lib/rules/no-template-target-blank.js

139 lines
3.5 KiB
Raw Normal View History Unescape

add
3 years ago
/**
* @fileoverview disallow target="_blank" attribute without rel="noopener noreferrer"
* @author Sosukesuzuki
*/
'use strict'
// ------------------------------------------------------------------------------
// Requirements
// ------------------------------------------------------------------------------
const utils = require('../utils')
// ------------------------------------------------------------------------------
// Helpers
// ------------------------------------------------------------------------------
/** @param {VAttribute} node */
function isTargetBlank(node) {
return (
node.key &&
node.key.name === 'target' &&
node.value &&
node.value.value === '_blank'
)
}
/**
* @param {VStartTag} node
* @param {boolean} allowReferrer
*/
function hasSecureRel(node, allowReferrer) {
return node.attributes.some((attr) => {
if (attr.key && attr.key.name === 'rel') {
const tags =
attr.value &&
attr.value.type === 'VLiteral' &&
attr.value.value.toLowerCase().split(' ')
return (
tags &&
tags.includes('noopener') &&
(allowReferrer || tags.includes('noreferrer'))
)
} else {
return false
}
})
}
/**
* @param {VStartTag} node
*/
function hasExternalLink(node) {
return node.attributes.some(
(attr) =>
attr.key &&
attr.key.name === 'href' &&
attr.value &&
attr.value.type === 'VLiteral' &&
/^(?:\w+:|\/\/)/.test(attr.value.value)
)
}
/**
* @param {VStartTag} node
*/
function hasDynamicLink(node) {
return node.attributes.some(
(attr) =>
attr.key &&
attr.key.type === 'VDirectiveKey' &&
attr.key.name &&
attr.key.name.name === 'bind' &&
attr.key.argument &&
attr.key.argument.type === 'VIdentifier' &&
attr.key.argument.name === 'href'
)
}
// ------------------------------------------------------------------------------
// Rule Definition
// ------------------------------------------------------------------------------
module.exports = {
meta: {
type: 'problem',
docs: {
description:
'disallow target="_blank" attribute without rel="noopener noreferrer"',
categories: undefined,
url: 'https://eslint.vuejs.org/rules/no-template-target-blank.html'
},
schema: [
{
type: 'object',
properties: {
allowReferrer: {
type: 'boolean'
},
enforceDynamicLinks: {
enum: ['always', 'never']
}
},
additionalProperties: false
}
]
},
/**
* Creates AST event handlers for no-template-target-blank
*
* @param {RuleContext} context - The rule context.
* @returns {Object} AST event handlers.
*/
create(context) {
const configuration = context.options[0] || {}
const allowReferrer = configuration.allowReferrer || false
const enforceDynamicLinks = configuration.enforceDynamicLinks || 'always'
return utils.defineTemplateBodyVisitor(context, {
/** @param {VAttribute} node */
'VAttribute[directive=false]'(node) {
if (!isTargetBlank(node) || hasSecureRel(node.parent, allowReferrer)) {
return
}
const hasDangerHref =
hasExternalLink(node.parent) ||
(enforceDynamicLinks === 'always' && hasDynamicLink(node.parent))
if (hasDangerHref) {
context.report({
node,
message:
'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
})
}
}
})
}
}