From 630697fa6ada01103f0301758159505d23656ba1 Mon Sep 17 00:00:00 2001 From: Kalan Date: Wed, 29 Apr 2020 06:03:31 +0900 Subject: [PATCH] a11y: warn about href="javascript:..." (#4733) --- src/compiler/compile/nodes/Element.ts | 2 +- .../samples/a11y-anchor-is-valid/input.svelte | 3 ++- .../samples/a11y-anchor-is-valid/warnings.json | 15 +++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts index 8ff36de31ad7..f64da919c69d 100644 --- a/src/compiler/compile/nodes/Element.ts +++ b/src/compiler/compile/nodes/Element.ts @@ -428,7 +428,7 @@ export default class Element extends Node { if (attribute) { const value = attribute.get_static_value(); - if (value === '' || value === '#') { + if (value === '' || value === '#' || /^\W*javascript:/i.test(value)) { component.warn(attribute, { code: `a11y-invalid-attribute`, message: `A11y: '${value}' is not a valid ${attribute.name} attribute` diff --git a/test/validator/samples/a11y-anchor-is-valid/input.svelte b/test/validator/samples/a11y-anchor-is-valid/input.svelte index 7b14a80c9f14..6d0f77a308c2 100644 --- a/test/validator/samples/a11y-anchor-is-valid/input.svelte +++ b/test/validator/samples/a11y-anchor-is-valid/input.svelte @@ -1,3 +1,4 @@ not actually a link invalid -invalid \ No newline at end of file +invalid +invalid \ No newline at end of file diff --git a/test/validator/samples/a11y-anchor-is-valid/warnings.json b/test/validator/samples/a11y-anchor-is-valid/warnings.json index 532c44ad2450..9438a74f5b6e 100644 --- a/test/validator/samples/a11y-anchor-is-valid/warnings.json +++ b/test/validator/samples/a11y-anchor-is-valid/warnings.json @@ -43,5 +43,20 @@ "character": 61 }, "pos": 53 + }, + { + "code": "a11y-invalid-attribute", + "message": "A11y: 'javascript:void(0)' is not a valid href attribute", + "start": { + "line": 4, + "column": 3, + "character": 77 + }, + "end": { + "line": 4, + "column": 28, + "character": 102 + }, + "pos": 77 } ]