no-sanitizer-with-danger: Add fixer function

lib/rules/no-sanitizer-with-danger.js

@@ -70,7 +70,8 @@ module.exports = {
         },
         additionalProperties: false
       }
-    ]
+    ],
+    fixable: 'code'
   },
 
   create: function(context) {
@@ -98,14 +99,26 @@ module.exports = {
         }
 
         if (messageIndex >= 0) {
-          context.report({
+          const htmlProp = node.value.expression.properties.find(prop => prop.key.name === '__html');
+          const reportOptions = {
             node: node,
             message: DANGEROUS_MESSAGES[messageIndex],
             data: {
               name: node.name.name,
               wrapperName: JSON.stringify(config.wrapperName)
             }
-          });
+          };
+
+          if (messageIndex !== 2) {
+            reportOptions.fix = function(fixer) {
+              return fixer.replaceText(
+                htmlProp.value,
+                `${config.wrapperName[0]}(${context.getSourceCode().getText(htmlProp.value)})`
+              );
+            };
+          }
+
+          context.report(reportOptions);
         }
       }
     };

package.json

@@ -32,6 +32,10 @@
     {
       "name": "Iran Reyes",
       "url": "https://github.com/iranreyes"
+    },
+    {
+      "name": "Sean Mizen",
+      "url": "https://github.com/seanmizen"
     }
   ],
   "main": "lib/index.js",

tests/lib/rules/no-sanitizer-with-danger.js

@@ -7,7 +7,9 @@
 // ------------------------------------------------------------------------------
 // Constants
 // ------------------------------------------------------------------------------
-const MESSAGE = 'Use xss sanitizer with dangerouslySetInnerHTML';
+const NO_SANITIZER_PATTERN = /Dangerous property '\s+' without sanitizer found./;
+const BAD_WRAPPER_PATTERN = /Wrapper name is not one of '\[.*\]'\./;
+const XSS_LIBRARY_MESSAGE = 'Direct use of xss library found.';
 
 // ------------------------------------------------------------------------------
 // Requirements
@@ -49,32 +51,40 @@ ruleTester.run('no-sanitizer-with-danger', rule, {
   invalid: [
     {
       code: "<App dangerouslySetInnerHTML={{ __html: '<p>with sanitizer</p>' }} />;",
-      errors: [{ message: MESSAGE }]
+      errors: [NO_SANITIZER_PATTERN],
+      output: "<App dangerouslySetInnerHTML={{ __html: sanitizer('<p>with sanitizer</p>') }} />;"
     },
     {
       code: "<div dangerouslySetInnerHTML={{ __html: '' }}></div>;",
-      errors: [{ message: MESSAGE }]
+      errors: [NO_SANITIZER_PATTERN],
+      output: "<div dangerouslySetInnerHTML={{ __html: sanitizer('') }}></div>;"
     },
     {
       code: "<div dangerouslySetInnerHTML={{ __html: '<p>with sanitizer</p>' }} />;",
-      errors: [{ message: MESSAGE }]
+      errors: [NO_SANITIZER_PATTERN],
+      output: "<div dangerouslySetInnerHTML={{ __html: sanitizer('<p>with sanitizer</p>') }} />;"
     },
     {
       code: '<div dangerouslySetInnerHTML={{ __html: title }} />;',
-      errors: [{ message: MESSAGE }]
+      errors: [NO_SANITIZER_PATTERN],
+      output: '<div dangerouslySetInnerHTML={{ __html: sanitizer(title) }} />;'
     },
     {
-      code: "<div dangerouslySetInnerHTML={{ __html: sanitize('<p>with sanitizer</p>') }} />;",
-      errors: [{ message: 'Use sanitizer as name of wrapper' }]
+      code: "<div dangerouslySetInnerHTML={{ __html: invalidSanitizer('<p>with sanitizer</p>') }} />;",
+      errors: [BAD_WRAPPER_PATTERN],
+      output: "<div dangerouslySetInnerHTML={{ __html: sanitizer(invalidSanitizer('<p>with sanitizer</p>')) }} />;"
     },
     {
       code: "<div dangerouslySetInnerHTML={{ __html: Dompurify.sanitizer('<p>with sanitizer</p>') }} />;",
-      errors: [{ message: 'Use sanitizer in util folder. Create sanitizer util if no exist.' }]
+      errors: [{ message: XSS_LIBRARY_MESSAGE }],
+      // do not handle direct use of library
+      output: "<div dangerouslySetInnerHTML={{ __html: Dompurify.sanitizer('<p>with sanitizer</p>') }} />;"
     },
     {
-      code: "<div dangerouslySetInnerHTML={{ __html: sanitizer('<p>with sanitizer</p>') }} />;",
+      code: "<div dangerouslySetInnerHTML={{ __html: sanitize('<p>with sanitizer</p>') }} />;",
       options: [{ wrapperName: ['xss', 'purify'] }],
-      errors: [{ message: 'Use sanitizer in util folder. Create sanitizer util if no exist.' }]
+      errors: [BAD_WRAPPER_PATTERN],
+      output: "<div dangerouslySetInnerHTML={{ __html: xss(sanitize('<p>with sanitizer</p>')) }} />;"
     }
   ]
 });