eslint-plugin-jsx-secure-form
A minimal set of easy-to-install ESLint rules to make your React forms and inputs more secure. If a user has enhanced spellcheck enabled in their browser and you have not set spellCheck="false", passwords, usernames, or other PII may be sent to a 3rd-party server.
If you are interested in the details of these security issues, you can read about them here. This news caused quite a few reactions all over the world, which can be viewed here.
Setup
- Install it using a package manager:
  - npm
    npm install --save-dev eslint eslint-plugin-jsx-secure-form
  - yarn
    yarn add -D eslint eslint-plugin-jsx-secure-form
- Extend plugin:jsx-secure-form/recommended in your .eslintrc.
Example .eslintrc:
{
  "extends": ["plugin:jsx-secure-form/recommended"],
  "plugins": ["jsx-secure-form"]
}
- You're done!
Optional - Configuring the rules
If you want to change a rule of an included plugin (for example of eslint-plugin-react) you must prefix the rule with react-app/ (for preventing namespace collisions).
For example:
{
  "extends": ["plugin:jsx-secure-form/recommended"],
  "rules": {
    "jsx-secure-form/disable-form-spellcheck": ["warn"],
    "jsx-secure-form/disable-input-spellcheck": ["warn"]
  }
}
Exclusions
These rules do not apply to the following input types: "file", "image", "reset", and "submit".
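To see which elements the two rules and the exclusion list are aimed at, here is a stand-alone text scan over component source. It is an added example, not the plugin's own code (the plugin runs as ESLint rules); the function names are hypothetical, the sample markup is constructed, and treating spellCheck={false} the same as spellCheck="false" is an assumption.

```javascript
// Added example: a simplified text scan, not the plugin's ESLint rule code.
const EXCLUDED_TYPES = new Set(["file", "image", "reset", "submit"]); // from Exclusions

// Return the opening tag that starts at `start`, skipping quoted strings and
// {...} expressions so the ">" of an arrow function does not end the tag.
function readOpeningTag(src, start) {
  let depth = 0;
  let quote = null;
  for (let i = start; i < src.length; i++) {
    const ch = src[i];
    if (quote) { if (ch === quote) quote = null; continue; }
    if (ch === '"' || ch === "'") quote = ch;
    else if (ch === "{") depth++;
    else if (ch === "}") depth--;
    else if (ch === ">" && depth === 0) return src.slice(start, i + 1);
  }
  return src.slice(start); // unterminated tag: return what is left
}

// Report every <form> and <input> that does not switch spellcheck off.
function findSpellcheckGaps(src) {
  const findings = [];
  const opener = /<(form|input)(?=[\s/>])/g;
  let m;
  while ((m = opener.exec(src)) !== null) {
    const tag = readOpeningTag(src, m.index);
    const type = (/\stype=["']([^"']+)["']/.exec(tag) || [])[1];
    if (m[1] === "input" && EXCLUDED_TYPES.has(type)) continue;
    // Assumption: spellCheck="false" and spellCheck={false} both count as disabled.
    if (/\sspellCheck=(?:"false"|'false'|\{\s*false\s*\})/.test(tag)) continue;
    const line = src.slice(0, m.index).split("\n").length;
    findings.push({ element: m[1], line, rule: `jsx-secure-form/disable-${m[1]}-spellcheck` });
  }
  return findings;
}

// Constructed sample component source.
const SAMPLE = `
<form onSubmit={(e) => login(e)}>
  <input type="text" name="username" />
  <input type="password" name="password" spellCheck="false" />
  <input type="submit" value="Log in" />
</form>
<form spellCheck={false}>
  <input type="file" name="avatar" />
</form>
`;

console.log(findSpellcheckGaps(SAMPLE));
```
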