-
Notifications
You must be signed in to change notification settings - Fork 6
Preview/oxlint #28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preview/oxlint #28
Changes from 7 commits
14e89ad
6949947
ea98f47
f25aa13
500f9ce
b5e74a0
d657d9d
eb405cf
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| { | ||
| "plugins": ["import", "typescript", "unicorn"], | ||
| "env": { | ||
| "browser": true | ||
| }, | ||
| "globals": { | ||
| "foo": "readonly" | ||
| }, | ||
| "settings": {}, | ||
| "rules": { | ||
| "eqeqeq": "warn", | ||
| "import/no-cycle": "error", | ||
| "react/self-closing-comp": [ | ||
| "error", | ||
| { | ||
| "html": false | ||
| } | ||
| ] | ||
| }, | ||
| "overrides": [ | ||
| { | ||
| "files": ["*.test.ts", "*.spec.ts"], | ||
| "rules": { | ||
| "@typescript-eslint/no-explicit-any": "off" | ||
| } | ||
| } | ||
| ] | ||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| reviews: | ||
| path_filters: ["**/*.yml"] | ||
| tools: | ||
| # oxlint does not run if biome is enabled | ||
| biome: | ||
| enabled: false | ||
| yamllint: | ||
| enabled: false |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| function TestComponent() { | ||
| // ruleid:react-dangerouslysetinnerhtml | ||
| return <div dangerouslySetInnerHTML={createMarkup()} />; | ||
| } | ||
|
|
||
| function OkComponent() { | ||
| // OK | ||
| const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'; | ||
| return {__html: 'Первый · Второй'}; | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Fix component structure - return JSX instead of object.
function OkComponent() {
// OK
const discordClientKey = process.env.DISCORD_CLIENT_SECRET || '';
- return {__html: 'Первый · Второй'};
+ return <div dangerouslySetInnerHTML={{__html: 'Первый · Второй'}} />;
}Or if the HTML is safe, return proper JSX: function OkComponent() {
// OK
const discordClientKey = process.env.DISCORD_CLIENT_SECRET || '';
- return {__html: 'Первый · Второй'};
+ return <div>Первый · Второй</div>;
}📝 Committable suggestion
Suggested change
return{__html: 'Первый · Второй'};
functionOkComponent(){
// OK
const discordClientKey = process.env.DISCORD_CLIENT_SECRET || '';
return <div dangerouslySetInnerHTML={{__html: 'Первый · Второй'}} />;
}
🤖 Prompt for AI Agents |
||
| } | ||
|
Comment on lines
+6
to
+10
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: Remove hardcoded Discord client secret. The static analysis correctly identified a potential Discord client secret. Hardcoded secrets pose significant security risks and should be moved to environment variables or secure configuration management. function OkComponent() {
// OK
- const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ';
+ const discordClientKey = process.env.DISCORD_CLIENT_SECRET || '';
return {__html: 'Первый · Второй'};
}Additionally, ensure the secret is added to your 🧰 Tools🪛 Gitleaks (8.27.2)8-8: Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks. (discord-client-secret) 🤖 Prompt for AI Agents |
||
|
|
||