generated from SAP/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
47 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,45 @@ | ||
import { taskStart } from "../../detectors/util/perf.js"; | ||
import {taskStart} from "../../detectors/util/perf.js"; | ||
import {extractScriptTags} from "../../detectors/transpilers/html/transpiler.js"; | ||
import {LintMessageSeverity} from "../../detectors/AbstractDetector.js"; | ||
import Reporter from "../å../detectors/Reporter.js"; | ||
|
||
import type { TranspileResult } from "../../detectors/transpilers/AbstractTranspiler.js"; | ||
Check failure on line 6 in src/linter/html/linter.ts GitHub Actions / General checks, tests and coverage reporting
|
||
import type { ReadStream } from "node:fs"; | ||
Check failure on line 7 in src/linter/html/linter.ts GitHub Actions / General checks, tests and coverage reporting
|
||
|
||
|
||
export async function lintHtml(resourceName: string, contentStream: ReadStream): Promise<TranspileResult> { | ||
const taskLintEnd = taskStart("Static lint", resourceName); | ||
const report = new Reporter("", resourceName); | ||
Check failure on line 12 in src/linter/html/linter.ts GitHub Actions / General checks, tests and coverage reporting
|
||
|
||
const scriptTags = await extractScriptTags(contentStream); | ||
const jsScriptTags = scriptTags.filter((tag) => tag.attributes.every((attr) => { | ||
// The "type" attribute of the script tag should be | ||
// 1. not set (default), | ||
// 2. an empty string, | ||
// 3. or a JavaScript MIME type (text/javascript) | ||
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script/type#attribute_is_not_set_default_an_empty_string_or_a_javascript_mime_type | ||
return attr.name.value !== "type" || | ||
(attr.name.value === "type" && | ||
(attr.value.value === "" || attr.value.value === "text/javascript")); | ||
})); | ||
|
||
|
||
jsScriptTags.forEach((tag) => { | ||
const scriptContent = tag.textNodes?.map((tNode) => tNode.value).join("").trim(); | ||
|
||
if (scriptContent) { | ||
report.addMessage({ | ||
// node: `/sap.ui5/dependencies/libs/${libKey}`, | ||
severity: LintMessageSeverity.Error, | ||
ruleId: "ui5-linter-csp-compliance", | ||
message: `Use of inline javascript`, | ||
messageDetails: "In order to avoid CSP errors, avoid usage of inline javascript", | ||
}); | ||
} | ||
}); | ||
|
||
taskLintEnd(); | ||
|
||
return { messages: [], source: "", map: "" }; | ||
const {messages} = report.getReport(); | ||
return {messages, source: "", map: ""}; | ||
} |