https://github.com/Rantanen/eslint-plugin-xss

ESLint plugin for XSS detection
https://github.com/Rantanen/eslint-plugin-xss

Last synced: 22 days ago
JSON representation

ESLint plugin for XSS detection

• Host: GitHub
• URL: https://github.com/Rantanen/eslint-plugin-xss
• Owner: Rantanen
• License: other
• Created: 2016-04-25T20:08:41.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2023-08-29T08:51:15.000Z (almost 2 years ago)
• Last Synced: 2025-04-08T03:15:53.312Z (about 2 months ago)
• Language: JavaScript
• Size: 58.6 KB
• Stars: 67
• Watchers: 1
• Forks: 16
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

• awesome-eslint - xss - Tries to detect XSS issues in codebase before they end up in production. (Plugins / Security)
• fucking-awesome-eslint - xss - Tries to detect XSS issues in codebase before they end up in production. (Plugins / Security)
• fucking-awesome-eslint - xss - Tries to detect XSS issues in codebase before they end up in production. (Plugins / Security)

README

        
# eslint-plugin-xss

[![NPM version](http://img.shields.io/npm/v/eslint-plugin-xss.svg)](https://www.npmjs.com/package/eslint-plugin-xss)

[![Build Status](https://travis-ci.org/Rantanen/eslint-plugin-xss.svg?branch=master)](https://travis-ci.org/Rantanen/eslint-plugin-xss)

[![Codecov](https://codecov.io/gh/Rantanen/eslint-plugin-xss/branch/master/graph/badge.svg)](https://codecov.io/gh/Rantanen/eslint-plugin-xss)

[![Codacy](https://api.codacy.com/project/badge/grade/13e5c7abeb4545359ca9b02c0e91bb72)](https://www.codacy.com/app/jubjub/eslint-plugin-xss)

Tries to detect XSS issues in codebase before they end up in production.

## Installation

You'll first need to install [ESLint](http://eslint.org):

```

$ npm install eslint --save-dev

```

Next, install `eslint-plugin-xss`:

```

$ npm install eslint-plugin-xss --save-dev

```

**Note:** If you installed ESLint globally (using the `-g` flag) then you must also install `eslint-plugin-xss` globally.

## Usage

Add `xss` to the plugins section of your `.eslintrc` configuration file. You can omit the `eslint-plugin-` prefix:

```json

{

    "plugins": [

        "xss"

    ]

}

```

Then configure the rules you want to use under the rules section.

```json

{

    "rules": {

        "xss/rule-name": 2

    }

}

```

Or:

Enable all rules by adding the following to your `.eslintrc` configuration file

```json

{

    "extends": [

        "plugin:xss/recommended"

    ]

}

```

## Supported Rules

* [xss/no-mixed-html](docs/rules/no-mixed-html.md): Warn about possible XSS issues.

* [xss/no-location-href-assign](docs/rules/no-location-href-assign.md): Warn when trying to modify location.href.