no-msapp-exec-unsafe
Disallow MSApp.execUnsafeLocalFunction calls that bypass script safety checks.
Targeted pattern scopeโ
This rule targets MSApp.execUnsafeLocalFunction(...) usage.
What this rule reportsโ
This rule reports direct calls to unsafe local function execution wrappers.
Why this rule existsโ
This API bypasses platform script injection protections and can allow unsafe DOM or script execution.
โ Incorrectโ
MSApp.execUnsafeLocalFunction(() => {
element.innerHTML = userSuppliedHtml;
});
โ Correctโ
element.textContent = userSuppliedHtml;
ESLint flat config exampleโ
import sdl from "eslint-plugin-sdl-2";
export default [
{
plugins: { sdl },
rules: {
"sdl/no-msapp-exec-unsafe": "error",
},
},
];
When not to use itโ
Disable only for legacy Windows Store app code that is isolated and audited.
Package documentationโ
Further readingโ
Rule catalog ID: R022