com.google.javascript.jscomp.example_conformance_proto.textproto Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of closure-compiler-linter Show documentation
Show all versions of closure-compiler-linter Show documentation
Closure Compiler is a JavaScript optimizing compiler. It parses your
JavaScript, analyzes it, removes dead code and rewrites and minimizes
what's left. It also checks syntax, variable references, and types, and
warns about common JavaScript pitfalls. It is used in many of Google's
JavaScript apps, including Gmail, Google Web Search, Google Maps, and
Google Docs.
This binary checks for style issues such as incorrect or missing JSDoc
usage, and missing goog.require() statements. It does not do more advanced
checks such as typechecking.
# Copyright 2014 The Closure Compiler Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains example JS conformance configurations for various problems
# with JavaScript. Since each project may want to opt-in to different rules, and
# each project may need its own specific whitelist, the examples in this file
# are meant to be copied to a project specific conformance_proto.textproto file.
requirement: {
type: BANNED_NAME
error_message: 'eval is not allowed since it can be used to execute '
'arbitrary JavaScript code. It is not typically necessary '
'in ordinary programming.'
value: 'eval'
whitelist: 'javascript/closure/base.js'
whitelist: 'third_party/javascript/closure/base.js'
whitelist: 'javascript/closure/json/json.js'
whitelist: 'third_party/javascript/closure/json/json.js'
}
requirement: {
type: BANNED_PROPERTY
error_message: 'Arguments.prototype.callee is not allowed in ES5 Strict mode.'
'The JavaScript compiler will also check this when '
'CHECK_ES5_STRICT is enabled, but this conformance check also '
'warns for possible violations.'
value: 'Arguments.prototype.callee'
whitelist: 'javascript/closure/base.js' # goog.base uses arguments.callee
whitelist: 'third_party/javascript/closure/base.js' # goog.base uses arguments.callee
whitelist: 'javascript/closure/debug/' # legacy stack trace support, etc
whitelist: 'third_party/javascript/closure/debug/' # legacy stack trace support, etc
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Assignment to Element.prototype.innerHTML is not allowed '
'since passing unsafe content can cause XSS vulnerabilities.'
'Use goog.dom.safe.setInnerHtml instead.'
value: 'Element.prototype.innerHTML'
# Safe wrapper for this property.
whitelist: 'javascript/closure/dom/safe.js'
whitelist: 'third_party/javascript/closure/dom/safe.js'
# Safely used in goog.string.unescapeEntitiesUsingDom_; the string assigned to
# innerHTML is a single HTML entity.
whitelist: 'javascript/closure/string/string.js'
whitelist: 'third_party/javascript/closure/string/string.js'
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Assignment to Element.prototype.outerHTML is not allowed '
'since passing unsafe content can cause XSS vulnerabilities.'
'Use goog.dom.safe.setOuterHtml instead.'
value: 'Element.prototype.outerHTML'
# Safe wrapper for this property.
whitelist: 'javascript/closure/dom/safe.js'
whitelist: 'third_party/javascript/closure/dom/safe.js'
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Assignment to Location.prototype.href is not allowed. '
'Externally controlled content assigned to the href property '
'can cause XSS vulnerabilities, such as executing '
'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
'instead.'
value: 'Location.prototype.href'
# Safe wrapper for this property.
whitelist: 'javascript/closure/dom/safe.js'
whitelist: 'third_party/javascript/closure/dom/safe.js'
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Assignment to Window.prototype.location is not allowed.'
'Externally controlled content assigned to the location '
'object can cause XSS vulnerabilities, such as executing '
'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
'instead.'
value: 'Window.prototype.location'
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Assignment to .href property of Anchor, Link, etc elements, '
'is not allowed. Externally controlled content assigned '
'to the href property can cause XSS vulnerabilities, such as '
'executing javascript:evil() URLs. '
'Use goog.dom.safe.setAnchorHref instead.'
# Types with .href properties that do not extend from Element.
value: 'StyleSheet.prototype.href'
value: 'CSSImportRule.prototype.href'
# All other types extend from Element.
value: 'Element.prototype.href'
# Safe wrapper for this property.
whitelist: 'javascript/closure/dom/safe.js'
whitelist: 'third_party/javascript/closure/dom/safe.js'
}
requirement: {
type: BANNED_PROPERTY_WRITE
error_message: 'Use of document.domain is not allowed since it relaxes the '
'the same origin protections of JavaScript and opens up the '
'attack surface for the domain.'
value: 'Document.prototype.domain'
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy