Make the rule work for components defined in named export.

clement-escolano · clement-escolano · commit 1a08d7bbad9f · 2021-01-14T12:42:30.000+01:00
diff --git a/rules/utils/index.js b/rules/utils/index.js
@@ -41,6 +41,7 @@ const checkNode = (currentNode, isVariableTrusted, variableNameToBeAssigned = ''
       }
       break;
     case 'ExportDefaultDeclaration':
+    case 'ExportNamedDeclaration':
       checkNode(currentNode.declaration, isVariableTrusted);
       break;
     case 'VariableDeclaration':
diff --git a/test/catch-potential-xss-react.js b/test/catch-potential-xss-react.js
@@ -21,6 +21,14 @@ function testCase(code) {
 
 ruleTester.run('catch-potential-xss-react', rule, {
   valid: [
+    testCase(`
+			export const DesktopPostCard = ({ post }) => {
+        const sanitizedObject = { __html: DOMPurify.sanitize(post.content) };
+        return (
+          <div dangerouslySetInnerHTML={sanitizedObject} />
+        );
+      };
+    `),
     testCase(`
 			class Example extends React.Component {
 				render() {
@@ -186,6 +194,14 @@ ruleTester.run('catch-potential-xss-react', rule, {
     `),
   ],
   invalid: [
+    testCase(`
+			export const DesktopPostCard = ({ post }) => {
+        const sanitizedObject = { __html: post.content };
+        return (
+          <div dangerouslySetInnerHTML={sanitizedObject} />
+        );
+      };
+    `),
     testCase(`
 			class Example extends React.Component {
 				render() {

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ const checkNode = (currentNode, isVariableTrusted, variableNameToBeAssigned = ''`
`41`	`41`	`}`
`42`	`42`	`break;`
`43`	`43`	`case 'ExportDefaultDeclaration':`
	`44`	`+ case 'ExportNamedDeclaration':`
`44`	`45`	`checkNode(currentNode.declaration, isVariableTrusted);`
`45`	`46`	`break;`
`46`	`47`	`case 'VariableDeclaration':`