2 年之前 · 2d7e003263
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1,4 +1,4 @@
 
				-const { readGlobalsFile } = require('./scripts/webpack-util');
			
 
				+const { readGlobalsFile, restrictedSyntax } = require('./scripts/webpack-util');
			
 
				 const ovr = makeOverrides();
			
 
				 
			
 
				 module.exports = {
			
@@ -169,28 +169,7 @@ function makeOverrides() {
 
				           patterns: ['*/common', '*/common/*'],
			
 
				         }
			
 
				       ],
			
 
				-      'no-restricted-syntax': [
			
 
				-        'error', {
			
 
				-          selector: 'ObjectExpression > ExperimentalSpreadProperty',
			
 
				-          message: 'Object spread adds a polyfill in injected* even if unused by it',
			
 
				-        }, {
			
 
				-          selector: 'ArrayPattern',
			
 
				-          message: 'Destructuring via Symbol.iterator may be spoofed/broken in an unsafe environment',
			
 
				-        }, {
			
 
				-          selector: ':matches(ArrayExpression, CallExpression) > SpreadElement',
			
 
				-          message: 'Spreading via Symbol.iterator may be spoofed/broken in an unsafe environment',
			
 
				-        }, {
			
 
				-          selector: '[callee.object.name="Object"], MemberExpression[object.name="Object"]',
			
 
				-          message: 'Using potentially spoofed methods in an unsafe environment',
			
 
				-          // TODO: auto-generate the rule using GLOBALS
			
 
				-        }, {
			
 
				-          selector: `CallExpression[callee.name="defineProperty"]:not(${[
			
 
				-            '[arguments.2.properties.0.key.name="__proto__"]',
			
 
				-            ':has(CallExpression[callee.name="nullObjFrom"])'
			
 
				-          ].join(',')})`,
			
 
				-          message: 'Prototype of descriptor may be spoofed/broken in an unsafe environment',
			
 
				-        }
			
 
				-      ],
			
 
				+      'no-restricted-syntax': ['error', ...restrictedSyntax],
			
 
				     },
			
 
				   };
			
 
				 }
			
--- a/scripts/webpack-util.js
+++ b/scripts/webpack-util.js
@@ -16,6 +16,37 @@ Object.entries(entryGlobals).forEach(([name, val]) => {
 
				   val.push('*', ...parts);
			
 
				 });
			
 
				 
			
 
				+exports.restrictedSyntax = (
			
 
				+  // Hiding `code` so eslint doesn't complain about invalid schema
			
 
				+  rules => rules.map(r => (
			
 
				+    Object.defineProperty(r, 'code', { enumerable: false, value: r.code })
			
 
				+  ))
			
 
				+)([{
			
 
				+  selector: 'ObjectExpression > SpreadElement',
			
 
				+  message: 'Object spread adds a polyfill in injected* even if unused by it',
			
 
				+  code: 'open({...{foo:1}})',
			
 
				+}, {
			
 
				+  selector: 'ArrayPattern',
			
 
				+  message: 'Destructuring via Symbol.iterator may be spoofed/broken in an unsafe environment',
			
 
				+  code: '[window.foo]=[]',
			
 
				+}, {
			
 
				+  selector: ':matches(ArrayExpression, CallExpression) > SpreadElement',
			
 
				+  message: 'Spreading via Symbol.iterator may be spoofed/broken in an unsafe environment',
			
 
				+  code: 'open([...[]])',
			
 
				+}, {
			
 
				+  selector: '[callee.object.name="Object"], MemberExpression[object.name="Object"]',
			
 
				+  message: 'Using potentially spoofed methods in an unsafe environment',
			
 
				+  code: 'Object.assign()',
			
 
				+  // TODO: auto-generate the rule using GLOBALS
			
 
				+}, {
			
 
				+  selector: `CallExpression[callee.name="defineProperty"]:not(${[
			
 
				+    '[arguments.2.properties.0.key.name="__proto__"]',
			
 
				+    ':has(CallExpression[callee.name="nullObjFrom"])'
			
 
				+  ].join(',')})`,
			
 
				+  message: 'Prototype of descriptor may be spoofed/broken in an unsafe environment',
			
 
				+  code: 'defineProperty(open, "foo", {foo:1})',
			
 
				+}]);
			
 
				+
			
 
				 /**
			
 
				  * Adds a watcher for files in entryGlobals to properly recompile the project on changes.
			
 
				  */
			
--- a/test/eslint/eslint.test.js
+++ b/test/eslint/eslint.test.js
@@ -0,0 +1,17 @@
 
				+const { ESLint } = require('eslint');
			
 
				+const { restrictedSyntax } = require('@/../scripts/webpack-util');
			
 
				+
			
 
				+test('eslint no-restricted-syntax', async () => {
			
 
				+  const linter = new ESLint();
			
 
				+  const code = restrictedSyntax.map(r => r.code + ';').join('');
			
 
				+  const expected = restrictedSyntax.map(r => (delete r.code, r.message));
			
 
				+  for (const path of ['', '/content', '/web']) {
			
 
				+    const filePath = require.resolve(`../../src/injected${path}/index.js`);
			
 
				+    const res = await linter.lintText(code, { filePath });
			
 
				+    const found = res[0].messages;
			
 
				+    const unexpected = found.filter(m => !expected.includes(m.message));
			
 
				+    const missed = expected.filter(msg => !found.some(f => msg === f.message));
			
 
				+    expect(unexpected).toEqual([]);
			
 
				+    expect(missed).toEqual([]);
			
 
				+  }
			
 
				+});
			
--- a/yarn.lock
+++ b/yarn.lock
@@ -3299,9 +3299,9 @@ caniuse-api@^3.0.0:
 
				     lodash.uniq "^4.5.0"
			
 
				 
			
 
				 caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001399, caniuse-lite@^1.0.30001400:
			
 
				-  version "1.0.30001466"
			
 
				-  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001466.tgz"
			
 
				-  integrity sha512-ewtFBSfWjEmxUgNBSZItFSmVtvk9zkwkl1OfRZlKA8slltRN+/C/tuGVrF9styXkN36Yu3+SeJ1qkXxDEyNZ5w==
			
 
				+  version "1.0.30001523"
			
 
				+  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001523.tgz"
			
 
				+  integrity sha512-I5q5cisATTPZ1mc588Z//pj/Ox80ERYDfR71YnvY7raS/NOk8xXlZcB0sF7JdqaV//kOaa6aus7lRfpdnt1eBA==
			
 
				 
			
 
				 chalk@^1.1.3:
			
 
				   version "1.1.3"