Tries to detect XSS issues in codebase before they end up in production.
You'll first need to install ESLint:

```shell
$ npm install eslint --save-dev
```
Next, install `eslint-plugin-xss`:

```shell
$ npm install eslint-plugin-xss --save-dev
```

Note: If you installed ESLint globally (using the `-g` flag) then you must also install `eslint-plugin-xss` globally.
Add `xss` to the plugins section of your `.eslintrc` configuration file. You can omit the `eslint-plugin-` prefix:

```json
{
  "plugins": [
    "xss"
  ]
}
```
Then configure the rules you want to use under the rules section:

```json
{
  "rules": {
    "xss/rule-name": 2
  }
}
```
Or, enable all rules by adding the following to your `.eslintrc` configuration file:

```json
{
  "extends": [
    "plugin:xss/recommended"
  ]
}
```
- `xss/no-mixed-html`: Warn about possible XSS issues.
- `xss/no-location-href-assign`: Warn when trying to modify `location.href`.
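As an added example that is not part of eslint-plugin-xss or this README: the two code patterns the rules above flag, next to the defensive form each one points toward. The `escapeHtml` and `validatedNavigationTarget` helpers, the base URL `https://example.com/` and the sample input are assumptions made so the code runs under Node without a browser DOM. How the plugin is told which escape helper to trust is not covered on this page, so the block shows the remediation, not a guaranteed lint pass.

```javascript
// Added example, not code from eslint-plugin-xss. Shows what the two rules
// guard against and the hardened alternative. escapeHtml, the fake base URL
// and the constructed input are assumptions so this runs offline in Node.

// Minimal HTML escaper for text interpolated into markup. Assumption: in a
// real project use the escaper your templating library already provides.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')   // must run first so later entities are not double-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Pattern xss/no-mixed-html is aimed at: markup concatenated with a plain,
// unescaped value. Kept only to show what the lint rule catches.
function unsafeGreeting(userName) {
  return '<p class="greeting">Hello, ' + userName + '</p>';
}

// Hardened form: the untrusted value is escaped before it touches markup,
// so markup characters in the input render as text instead of tags.
function safeGreeting(userName) {
  return '<p class="greeting">Hello, ' + escapeHtml(userName) + '</p>';
}

// Pattern xss/no-location-href-assign is aimed at: `location.href = target`
// with an unvalidated target. Hardened form: resolve the target against a
// known base and only accept http(s); returns null for anything else
// (javascript: and data: URLs included). The single caller that performs
// the actual assignment is then the one place left to audit.
function validatedNavigationTarget(target) {
  let url;
  try {
    url = new URL(target, 'https://example.com/'); // base URL is an assumption
  } catch (e) {
    return null; // unparseable input is rejected rather than navigated to
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return null;
  }
  return url.href;
}

// Constructed sample input: ordinary-looking text that contains markup characters.
const constructedInput = 'Tom & "Jerry" <b>';

console.log(unsafeGreeting(constructedInput)); // markup passes through untouched
console.log(safeGreeting(constructedInput));   // markup is rendered inert
console.log(validatedNavigationTarget('/account?tab=1'));
console.log(validatedNavigationTarget('javascript:void(0)')); // null
```

Running the file under Node prints the unescaped and escaped greetings side by side, followed by the accepted relative path and `null` for the rejected scheme. In a browser the only line that should ever assign to `location.href` is the one that consumes a non-null return from `validatedNavigationTarget`, which is exactly the place the lint rule makes you justify.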