Skip to main content

ðŸŸĒ Common

Use for baseline browser/runtime security checks in JavaScript or TypeScript projects.

Config key​

sdl.configs.common;

Flat Config example​

import sdl from "eslint-plugin-sdl-2";

export default [...sdl.configs.common];

Rules in this preset​

  • Fix legend:
    • 🔧 = autofixable
    • ðŸ’Ą = suggestions available
    • — = report only
RuleFix
no-cookies—
no-document-domain—
no-document-execcommand-insert-html—
no-document-parse-html-unsafe—
no-document-write—
no-domparser-html-without-sanitization—
no-domparser-svg-without-sanitization—
no-dynamic-import-unsafe-url—
no-html-method—
no-iframe-srcdoc—
no-inner-html—
no-insecure-random—
no-insecure-url🔧
no-location-javascript-url—
no-message-event-without-origin-check—
no-msapp-exec-unsafe—
no-postmessage-star-originðŸ’Ą
no-postmessage-without-origin-allowlist—
no-range-create-contextual-fragment—
no-script-src-data-url—
no-script-text—
no-service-worker-unsafe-script-url—
no-set-html-unsafe—
no-window-open-without-noopener—
no-winjs-html-unsafe—
no-worker-blob-url—
no-worker-data-url—