com.google.javascript.jscomp.example_conformance_proto.textproto Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of closure-compiler-linter Show documentation

Closure Compiler is a JavaScript optimizing compiler. It parses your JavaScript, analyzes it, removes dead code and rewrites and minimizes what's left. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. It is used in many of Google's JavaScript apps, including Gmail, Google Web Search, Google Maps, and Google Docs. This binary checks for style issues such as incorrect or missing JSDoc usage, and missing goog.require() statements. It does not do more advanced checks such as typechecking.

There is a newer version: v20200830

Show newest version

# Copyright 2014 The Closure Compiler Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file contains example JS conformance configurations for various problems
# with JavaScript. Since each project may want to opt-in to different rules, and
# each project may need its own specific whitelist, the examples in this file
# are meant to be copied to a project specific conformance_proto.textproto file.

requirement: {
  type: BANNED_NAME
  error_message: 'eval is not allowed since it can be used to execute '
                 'arbitrary JavaScript code. It is not typically necessary '
                 'in ordinary programming.'

  value: 'eval'

  whitelist: 'javascript/closure/base.js'
  whitelist: 'third_party/javascript/closure/base.js'
  whitelist: 'javascript/closure/json/json.js'
  whitelist: 'third_party/javascript/closure/json/json.js'
}

requirement: {
  type: BANNED_PROPERTY
  error_message: 'Arguments.prototype.callee is not allowed in ES5 Strict mode.'
                 'The JavaScript compiler will also check this when '
                 'CHECK_ES5_STRICT is enabled, but this conformance check also '
                 'warns for possible violations.'

  value: 'Arguments.prototype.callee'

  whitelist: 'javascript/closure/base.js'  # goog.base uses arguments.callee
  whitelist: 'third_party/javascript/closure/base.js'  # goog.base uses arguments.callee
  whitelist: 'javascript/closure/debug/'  # legacy stack trace support, etc
  whitelist: 'third_party/javascript/closure/debug/'  # legacy stack trace support, etc
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to Element.prototype.innerHTML is not allowed '
                 'since passing unsafe content can cause XSS vulnerabilities.'
                 'Use goog.dom.safe.setInnerHtml instead.'

  value: 'Element.prototype.innerHTML'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'

  # Safely used in goog.string.unescapeEntitiesUsingDom_; the string assigned to
  # innerHTML is a single HTML entity.
  whitelist: 'javascript/closure/string/string.js'
  whitelist: 'third_party/javascript/closure/string/string.js'
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to Element.prototype.outerHTML is not allowed '
                 'since passing unsafe content can cause XSS vulnerabilities.'
                 'Use goog.dom.safe.setOuterHtml instead.'

  value: 'Element.prototype.outerHTML'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to Location.prototype.href is not allowed. '
                 'Externally controlled content assigned to the href property '
                 'can cause XSS vulnerabilities, such as executing '
                 'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
                 'instead.'

  value: 'Location.prototype.href'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to Window.prototype.location is not allowed.'
                 'Externally controlled content assigned to the location '
                 'object can cause XSS vulnerabilities, such as executing '
                 'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
                 'instead.'

  value: 'Window.prototype.location'
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to .href property of Anchor, Link, etc elements, '
                 'is not allowed.  Externally controlled content assigned '
                 'to the href property can cause XSS vulnerabilities, such as '
                 'executing javascript:evil() URLs. '
                 'Use goog.dom.safe.setAnchorHref instead.'

  # Types with .href properties that do not extend from Element.
  value: 'StyleSheet.prototype.href'
  value: 'CSSImportRule.prototype.href'

  # All other types extend from Element.
  value: 'Element.prototype.href'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}

requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Use of document.domain is not allowed since it relaxes the '
                 'the same origin protections of JavaScript and opens up the '
                 'attack surface for the domain.'

  value: 'Document.prototype.domain'
}