
no-sanitizer-with-danger: Add fixer function #8

Open
wants to merge 6 commits into base: master

Conversation

seanmizen

@seanmizen seanmizen commented Jun 15, 2023

Add fixer function - wrap in wrapperName[0]

Wraps the value of __html: <value> to __html: sanitizer(<value>). Uses wrapperName[0] as the preferred sanitizer function.

Assume the repo has wrapperName[0] (e.g. sanitizer) available as a function.

Does not auto-import the sanitizer function.


What kind of change does this PR introduce? (check at least one)

  • Bugfix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Code style update
  • Refactor (refactoring or adding test which isn't a fix or add a feature)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Build-related changes
  • Other, please describe:

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

Did you test your solution?

  • I lightly tested it in one browser
  • I deeply tested it in several browsers
  • I wrote tests around it (unit tests, integration tests, E2E tests)

Unit tests written. Problem: tests for the other two rules are failing - possibly a node or npm version issue on my end?

Problem Description

Problem: the helper messages are nice but the library does not provide an auto-fixer for developers. We see some value in this as it will disambiguate the error messages by simply solving the issue.

1: "Dangerous property '{{name}}' without sanitizer found."

This does not specify the name of the sanitizer - for a large org or codebase, how does the developer know which sanitizer to use? There is potential confusion here.

2: "Wrapper name is not one of '{{wrapperName}}'.",

While this does help, a developer might take this as a signal to replace the current outermost wrapper instead of wrapping it with the sanitizer (the intended behaviour).

Here is the scenario:

Developer thinks he should replace __html: textFormatterFunctionNotRelatedToSanitization(<value>) with __html: sanitizer(<value>).

Solution Description

Replaces this:

<div
  dangerouslySetInnerHTML={{
    __html: dangerousContent,
  }}
/>

with this:

<div
  dangerouslySetInnerHTML={{
    __html: sanitizeHtml(dangerousContent),
  }}
/>

Side Effects, Risks, Impact

  • N/A

This is my first FOSS PR.

@seanmizen seanmizen marked this pull request as ready for review June 16, 2023 09:04
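As an added illustration of the fixer this PR describes (example code written for this page, not the PR's or the plugin's own), here is a minimal ESLint rule whose fixer wraps the existing __html value in wrapperName[0] instead of replacing it, and leaves values that already call an allowed wrapper alone. The option shape { wrapperName: [...] }, the hand-built AST nodes and the lintAttribute harness (which fakes the ESLint context so the example runs without ESLint installed) are assumptions.

```javascript
// Dotted name for `foo` or `a.b` callees, else null.
function calleeName(node) {
  if (node.type === "Identifier") return node.name;
  if (node.type === "MemberExpression" && !node.computed) {
    return `${calleeName(node.object)}.${node.property.name}`;
  }
  return null;
}

// Minimal rule; the option shape { wrapperName: [...] } is an assumption.
const rule = {
  meta: { type: "problem", fixable: "code" },
  create(context) {
    const wrapperName = (context.options[0] || {}).wrapperName || ["sanitizer"];
    const sourceCode = context.sourceCode || context.getSourceCode();
    return {
      JSXAttribute(node) {
        if (node.name.name !== "dangerouslySetInnerHTML") return;
        const expr = node.value && node.value.expression;
        if (!expr || expr.type !== "ObjectExpression") return;
        const prop = expr.properties.find(
          (p) => p.type === "Property" && p.key.name === "__html");
        if (!prop) return;
        const value = prop.value;
        // Already a call to an allowed wrapper: nothing to report.
        if (value.type === "CallExpression" && wrapperName.includes(calleeName(value.callee))) return;
        context.report({
          node: value,
          message: `Dangerous property '__html' without sanitizer; wrap it in ${wrapperName[0]}().`,
          // Wrap the existing expression; never replace it (the PR's scenario 2).
          fix: (fixer) => fixer.replaceText(
            value, `${wrapperName[0]}(${sourceCode.getText(value)})`),
        });
      },
    };
  },
};

// Drives the rule on one hand-built JSXAttribute node through a fake context
// (no ESLint needed). Returns { message, fixed } or null when nothing is reported.
function lintAttribute(attrNode, options, getText) {
  let result = null;
  const context = {
    options: [options],
    sourceCode: { getText },
    report: ({ message, fix }) => {
      result = { message, fixed: fix({ replaceText: (_n, text) => text }) };
    },
  };
  rule.create(context).JSXAttribute(attrNode);
  return result;
}
```

In a real plugin the rule object is exported and exercised with ESLint's RuleTester; getText is then the real SourceCode method, so the fixer preserves whatever expression was there, including an unrelated formatter call.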