eslint-plugin-jsx-secure-form

0.0.5 • Public • Published

eslint-plugin-jsx-secure-form

npm version

A minimal set of easy to install ESLint rules to make your React forms and inputs more secure. If any user will have enhanced spellcheck enabled inside browser and you will not disable spellCheck="false" it might result into sending passwords & usernames or other PII to 3rd party server.

If you are interested into details of those security issues you can reed it here. This news caused quite a few reactions all over the world which can be viewed here.

Setup

  1. Install it using package manager:
    • npm npm install --development eslint eslint-plugin-jsx-secure-form
    • yarn yarn add -D eslint eslint-plugin-jsx-secure-form
  2. Extend plugin:jsx-secure-form/recommended in your .eslintrc.

Example .eslintrc:

{
  "extends": ["plugin:jsx-secure-form/recommended"],
  "plugins": ["jsx-secure-form"]
}
  1. You're done!

Optional - Configuring the rules

If you want to change a rule of an included plugin (for example of eslint-plugin-react) you must prefix the rule with react-app/ (for preventing namespace collisions).
For example:

{
  "extends": ["plugin:jsx-secure-form/recommended"],
  "rules": {
    "jsx-secure-form/disable-form-spellcheck": ["warn"],
    "jsx-secure-form/disable-input-spellcheck": ["warn"]
  }
}

Exclusions

This rules is not working for given input types: "file", "image", "reset", and "submit".

Package Sidebar

Install

npm i eslint-plugin-jsx-secure-form

Weekly Downloads

154

Version

0.0.5

License

MIT

Unpacked Size

11.9 kB

Total Files

11

Last publish

Collaborators

  • szymansd