| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 | /** * @fileoverview disallow target="_blank" attribute without rel="noopener noreferrer" * @author Sosukesuzuki */'use strict'// ------------------------------------------------------------------------------// Requirements// ------------------------------------------------------------------------------const utils = require('../utils')// ------------------------------------------------------------------------------// Helpers// ------------------------------------------------------------------------------/** @param {VAttribute} node */function isTargetBlank(node) {  return (    node.key &&    node.key.name === 'target' &&    node.value &&    node.value.value === '_blank'  )}/** * @param {VStartTag} node * @param {boolean} allowReferrer */function hasSecureRel(node, allowReferrer) {  return node.attributes.some((attr) => {    if (attr.key && attr.key.name === 'rel') {      const tags =        attr.value &&        attr.value.type === 'VLiteral' &&        attr.value.value.toLowerCase().split(' ')      return (        tags &&        tags.includes('noopener') &&        (allowReferrer || tags.includes('noreferrer'))      )    } else {      return false    }  })}/** * @param {VStartTag} node */function hasExternalLink(node) {  return node.attributes.some(    (attr) =>      attr.key &&      attr.key.name === 'href' &&      attr.value &&      attr.value.type === 'VLiteral' &&      /^(?:\w+:|\/\/)/.test(attr.value.value)  )}/** * @param {VStartTag} node */function hasDynamicLink(node) {  return node.attributes.some(    (attr) =>      attr.key &&      attr.key.type === 'VDirectiveKey' &&      attr.key.name &&      attr.key.name.name === 'bind' &&      attr.key.argument &&      attr.key.argument.type === 'VIdentifier' &&      attr.key.argument.name === 'href'  )}// ------------------------------------------------------------------------------// Rule Definition// ------------------------------------------------------------------------------module.exports = {  meta: {    type: 'problem',    docs: {      description:        'disallow target="_blank" attribute without rel="noopener noreferrer"',      categories: undefined,      url: 'https://eslint.vuejs.org/rules/no-template-target-blank.html'    },    schema: [      {        type: 'object',        properties: {          allowReferrer: {            type: 'boolean'          },          enforceDynamicLinks: {            enum: ['always', 'never']          }        },        additionalProperties: false      }    ]  },  /**   * Creates AST event handlers for no-template-target-blank   *   * @param {RuleContext} context - The rule context.   * @returns {Object} AST event handlers.   */  create(context) {    const configuration = context.options[0] || {}    const allowReferrer = configuration.allowReferrer || false    const enforceDynamicLinks = configuration.enforceDynamicLinks || 'always'    return utils.defineTemplateBodyVisitor(context, {      /** @param {VAttribute} node */      'VAttribute[directive=false]'(node) {        if (!isTargetBlank(node) || hasSecureRel(node.parent, allowReferrer)) {          return        }        const hasDangerHref =          hasExternalLink(node.parent) ||          (enforceDynamicLinks === 'always' && hasDynamicLink(node.parent))        if (hasDangerHref) {          context.report({            node,            message:              'Using target="_blank" without rel="noopener noreferrer" is a security risk.'          })        }      }    })  }}
 |