From f10de519e23419fd939e5f009807e2a42793a59e Mon Sep 17 00:00:00 2001 From: kjj6198 Date: Tue, 28 Apr 2020 00:43:20 +0900 Subject: [PATCH 1/3] a11y: warn about href="javascript:void(0)" --- src/compiler/compile/nodes/Element.ts | 2 +- .../samples/a11y-anchor-is-valid/input.svelte | 3 ++- .../samples/a11y-anchor-is-valid/warnings.json | 15 +++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts index 8ff36de31ad7..89450384afba 100644 --- a/src/compiler/compile/nodes/Element.ts +++ b/src/compiler/compile/nodes/Element.ts @@ -428,7 +428,7 @@ export default class Element extends Node { if (attribute) { const value = attribute.get_static_value(); - if (value === '' || value === '#') { + if (value === '' || value === '#' || /^\W*?javascript/.test(value)) { component.warn(attribute, { code: `a11y-invalid-attribute`, message: `A11y: '${value}' is not a valid ${attribute.name} attribute` diff --git a/test/validator/samples/a11y-anchor-is-valid/input.svelte b/test/validator/samples/a11y-anchor-is-valid/input.svelte index 7b14a80c9f14..6d0f77a308c2 100644 --- a/test/validator/samples/a11y-anchor-is-valid/input.svelte +++ b/test/validator/samples/a11y-anchor-is-valid/input.svelte @@ -1,3 +1,4 @@ not actually a link invalid -invalid \ No newline at end of file +invalid +invalid \ No newline at end of file diff --git a/test/validator/samples/a11y-anchor-is-valid/warnings.json b/test/validator/samples/a11y-anchor-is-valid/warnings.json index 532c44ad2450..9438a74f5b6e 100644 --- a/test/validator/samples/a11y-anchor-is-valid/warnings.json +++ b/test/validator/samples/a11y-anchor-is-valid/warnings.json @@ -43,5 +43,20 @@ "character": 61 }, "pos": 53 + }, + { + "code": "a11y-invalid-attribute", + "message": "A11y: 'javascript:void(0)' is not a valid href attribute", + "start": { + "line": 4, + "column": 3, + "character": 77 + }, + "end": { + "line": 4, + "column": 28, + "character": 102 + }, + "pos": 77 } ] From b7b86d46ad6ae6330c3f8691eddd44378a79aa6b Mon Sep 17 00:00:00 2001 From: kjj6198 Date: Tue, 28 Apr 2020 01:43:16 +0900 Subject: [PATCH 2/3] add missing `:` --- src/compiler/compile/nodes/Element.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts index 89450384afba..a07cef485fdd 100644 --- a/src/compiler/compile/nodes/Element.ts +++ b/src/compiler/compile/nodes/Element.ts @@ -428,7 +428,7 @@ export default class Element extends Node { if (attribute) { const value = attribute.get_static_value(); - if (value === '' || value === '#' || /^\W*?javascript/.test(value)) { + if (value === '' || value === '#' || /^\W*javascript:/.test(value)) { component.warn(attribute, { code: `a11y-invalid-attribute`, message: `A11y: '${value}' is not a valid ${attribute.name} attribute` From d39f2b8cb5aa13a58c0e772d80d186a3ebdaa349 Mon Sep 17 00:00:00 2001 From: kjj6198 Date: Tue, 28 Apr 2020 22:59:55 +0900 Subject: [PATCH 3/3] make URI schemes case insecsitive. --- src/compiler/compile/nodes/Element.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts index a07cef485fdd..f64da919c69d 100644 --- a/src/compiler/compile/nodes/Element.ts +++ b/src/compiler/compile/nodes/Element.ts @@ -428,7 +428,7 @@ export default class Element extends Node { if (attribute) { const value = attribute.get_static_value(); - if (value === '' || value === '#' || /^\W*javascript:/.test(value)) { + if (value === '' || value === '#' || /^\W*javascript:/i.test(value)) { component.warn(attribute, { code: `a11y-invalid-attribute`, message: `A11y: '${value}' is not a valid ${attribute.name} attribute`