1/** 2 * @fileoverview Rule to flag when using javascript: urls 3 * @author Ilya Volodin 4 */ 5/* jshint scripturl: true */ 6/* eslint no-script-url: 0 */ 7 8"use strict"; 9 10//------------------------------------------------------------------------------ 11// Rule Definition 12//------------------------------------------------------------------------------ 13 14module.exports = { 15 meta: { 16 type: "suggestion", 17 18 docs: { 19 description: "disallow `javascript:` urls", 20 category: "Best Practices", 21 recommended: false, 22 url: "https://eslint.org/docs/rules/no-script-url" 23 }, 24 25 schema: [], 26 27 messages: { 28 unexpectedScriptURL: "Script URL is a form of eval." 29 } 30 }, 31 32 create(context) { 33 34 return { 35 36 Literal(node) { 37 if (node.value && typeof node.value === "string") { 38 const value = node.value.toLowerCase(); 39 40 if (value.indexOf("javascript:") === 0) { 41 context.report({ node, messageId: "unexpectedScriptURL" }); 42 } 43 } 44 } 45 }; 46 47 } 48}; 49