Skip to content

Commit 1a08d7b

Browse files
Make the rule work for components defined in named export.
1 parent b94047f commit 1a08d7b

File tree

2 files changed

+17
-0
lines changed

2 files changed

+17
-0
lines changed

rules/utils/index.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ const checkNode = (currentNode, isVariableTrusted, variableNameToBeAssigned = ''
4141
}
4242
break;
4343
case 'ExportDefaultDeclaration':
44+
case 'ExportNamedDeclaration':
4445
checkNode(currentNode.declaration, isVariableTrusted);
4546
break;
4647
case 'VariableDeclaration':

test/catch-potential-xss-react.js

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,14 @@ function testCase(code) {
2121

2222
ruleTester.run('catch-potential-xss-react', rule, {
2323
valid: [
24+
testCase(`
25+
export const DesktopPostCard = ({ post }) => {
26+
const sanitizedObject = { __html: DOMPurify.sanitize(post.content) };
27+
return (
28+
<div dangerouslySetInnerHTML={sanitizedObject} />
29+
);
30+
};
31+
`),
2432
testCase(`
2533
class Example extends React.Component {
2634
render() {
@@ -186,6 +194,14 @@ ruleTester.run('catch-potential-xss-react', rule, {
186194
`),
187195
],
188196
invalid: [
197+
testCase(`
198+
export const DesktopPostCard = ({ post }) => {
199+
const sanitizedObject = { __html: post.content };
200+
return (
201+
<div dangerouslySetInnerHTML={sanitizedObject} />
202+
);
203+
};
204+
`),
189205
testCase(`
190206
class Example extends React.Component {
191207
render() {

0 commit comments

Comments
 (0)