
com.google.javascript.jscomp.example_conformance_proto.textproto Maven / Gradle / Ivy

# Copyright 2014 The Closure Compiler Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file contains example JS conformance configurations for various problems
# with JavaScript. Since each project may want to opt in to different rules, and
# each project may need its own specific whitelist, the examples in this file
# are meant to be copied to a project-specific conformance_proto.textproto file.

# Bans references to the name `eval` (type BANNED_NAME), except in the files
# whitelisted below.
# NOTE(review): only the name `eval` is banned here; no requirement in this
# file covers other ways of turning a string into code (the Function
# constructor, string arguments to setTimeout/setInterval). A project copying
# this rule should decide whether it needs separate rules for those.
requirement: {
  type: BANNED_NAME
  error_message: 'eval is not allowed since it can be used to execute '
                 'arbitrary JavaScript code. It is not typically necessary '
                 'in ordinary programming.'

  value: 'eval'

  # Exemptions: base.js and json.js, each listed once per source-tree layout
  # (javascript/ and third_party/javascript/).
  # NOTE(review): each entry names a whole file, so any further eval call
  # added to these files would presumably not be reported; keep the list as
  # short as the project allows.
  whitelist: 'javascript/closure/base.js'
  whitelist: 'third_party/javascript/closure/base.js'
  whitelist: 'javascript/closure/json/json.js'
  whitelist: 'third_party/javascript/closure/json/json.js'
}

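# Bans use of Arguments.prototype.callee (type BANNED_PROPERTY), except in the
# files and directories whitelisted below. Per the message, the compiler's
# CHECK_ES5_STRICT option checks the same thing; this rule additionally warns
# about possible violations.
requirement: {
  type: BANNED_PROPERTY
  # Adjacent string literals are concatenated, so each piece that is followed
  # by another sentence must end with a space.
  error_message: 'Arguments.prototype.callee is not allowed in ES5 Strict mode. '
                 'The JavaScript compiler will also check this when '
                 'CHECK_ES5_STRICT is enabled, but this conformance check also '
                 'warns for possible violations.'

  value: 'Arguments.prototype.callee'

  # NOTE(review): the debug/ entries name a directory rather than a file, so
  # everything under that path is presumably exempt; confirm that breadth is
  # intended before copying.
  whitelist: 'javascript/closure/base.js'  # goog.base uses arguments.callee
  whitelist: 'third_party/javascript/closure/base.js'  # goog.base uses arguments.callee
  whitelist: 'javascript/closure/debug/'  # legacy stack trace support, etc
  whitelist: 'third_party/javascript/closure/debug/'  # legacy stack trace support, etc
}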

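# Bans assignments to Element.prototype.innerHTML (type BANNED_PROPERTY_WRITE)
# and points callers to goog.dom.safe.setInnerHtml. Reads of the property are
# not the subject of this rule.
requirement: {
  type: BANNED_PROPERTY_WRITE
  # Adjacent string literals are concatenated, so the sentence break before
  # "Use goog.dom.safe..." needs an explicit trailing space.
  error_message: 'Assignment to Element.prototype.innerHTML is not allowed '
                 'since passing unsafe content can cause XSS vulnerabilities. '
                 'Use goog.dom.safe.setInnerHtml instead.'

  value: 'Element.prototype.innerHTML'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'

  # Safely used in goog.string.unescapeEntitiesUsingDom_; the string assigned to
  # innerHTML is a single HTML entity.
  # NOTE(review): the exemption names the whole file, not that one function, so
  # any other innerHTML write added to string.js would presumably go
  # unreported; re-check this entry when the file changes.
  whitelist: 'javascript/closure/string/string.js'
  whitelist: 'third_party/javascript/closure/string/string.js'
}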

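# Bans assignments to Element.prototype.outerHTML (type BANNED_PROPERTY_WRITE)
# and points callers to goog.dom.safe.setOuterHtml.
requirement: {
  type: BANNED_PROPERTY_WRITE
  # Adjacent string literals are concatenated, so the sentence break before
  # "Use goog.dom.safe..." needs an explicit trailing space.
  error_message: 'Assignment to Element.prototype.outerHTML is not allowed '
                 'since passing unsafe content can cause XSS vulnerabilities. '
                 'Use goog.dom.safe.setOuterHtml instead.'

  value: 'Element.prototype.outerHTML'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}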

# Bans assignments to Location.prototype.href (type BANNED_PROPERTY_WRITE) and
# points callers to goog.dom.safe.setLocationHref. The concern stated in the
# message is externally controlled content reaching this navigation sink.
requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to Location.prototype.href is not allowed. '
                 'Externally controlled content assigned to the href property '
                 'can cause XSS vulnerabilities, such as executing '
                 'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
                 'instead.'

  value: 'Location.prototype.href'

  # Safe wrapper for this property.
  # Only dom/safe.js is exempt, once per source-tree layout.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}

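# Bans assignments to Window.prototype.location (type BANNED_PROPERTY_WRITE)
# and points callers to goog.dom.safe.setLocationHref. This requirement lists
# no whitelist entries, so it has no exempted paths.
requirement: {
  type: BANNED_PROPERTY_WRITE
  # Adjacent string literals are concatenated, so the first sentence needs an
  # explicit trailing space before "Externally ...".
  error_message: 'Assignment to Window.prototype.location is not allowed. '
                 'Externally controlled content assigned to the location '
                 'object can cause XSS vulnerabilities, such as executing '
                 'javascript:evil() URLs. Use goog.dom.safe.setLocationHref '
                 'instead.'

  value: 'Window.prototype.location'
}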

# Bans assignments to the .href property of the three types listed below
# (type BANNED_PROPERTY_WRITE) and points callers to
# goog.dom.safe.setAnchorHref. One requirement carries several `value`
# entries, so all of them share the same message and whitelist.
requirement: {
  type: BANNED_PROPERTY_WRITE
  error_message: 'Assignment to .href property of Anchor, Link, etc elements, '
                 'is not allowed.  Externally controlled content assigned '
                 'to the href property can cause XSS vulnerabilities, such as '
                 'executing javascript:evil() URLs. '
                 'Use goog.dom.safe.setAnchorHref instead.'

  # Types with .href properties that do not extend from Element.
  value: 'StyleSheet.prototype.href'
  value: 'CSSImportRule.prototype.href'

  # All other types extend from Element.
  # NOTE(review): this relies on the compiler knowing the receiver's type;
  # how writes through untyped values are reported is not shown here — confirm.
  value: 'Element.prototype.href'

  # Safe wrapper for this property.
  whitelist: 'javascript/closure/dom/safe.js'
  whitelist: 'third_party/javascript/closure/dom/safe.js'
}

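# Bans assignments to Document.prototype.domain (type BANNED_PROPERTY_WRITE).
# The message says "Use of", but the rule type covers writes only; reads of
# document.domain are not the subject of this requirement. No whitelist
# entries are listed, so there are no exempted paths.
requirement: {
  type: BANNED_PROPERTY_WRITE
  # The first piece must not end in "the ": the next piece already starts
  # with "the", and adjacent literals are concatenated as written.
  error_message: 'Use of document.domain is not allowed since it relaxes '
                 'the same origin protections of JavaScript and opens up the '
                 'attack surface for the domain.'

  value: 'Document.prototype.domain'
}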



