feat: add prefer-https rule

yeonjuan · Dec 14, 2024 · cf062ee · cf062ee
1 parent 22325ef
commit cf062ee
Show file tree

Hide file tree

Showing 5 changed files with 171 additions and 0 deletions.
diff --git a/docs/rules/prefer-https.md b/docs/rules/prefer-https.md
@@ -0,0 +1,23 @@
+# prefer-https
+
+This rule enforces to use `HTTPS` for embedded resources (image, media, style sheet and script).
+
+## How to use
+
+```js,.eslintrc.js
+module.exports = {
+  rules: {
+    "@html-eslint/prefer-https": "error",
+  },
+};
+```
+
+## Rule Details
+
+Examples of **incorrect** code for tis rule:
+
+```html,incorrect
+<script src="http://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
+<img src="http://html-eslint.org/logo.svg">
+<link rel="stylesheet" href="http://style.css">
+```
diff --git a/packages/eslint-plugin/lib/rules/index.js b/packages/eslint-plugin/lib/rules/index.js
@@ -37,6 +37,7 @@ const noScriptStyleType = require("./no-script-style-type");
 const lowercase = require("./lowercase");
 const requireOpenGraphProtocol = require("./require-open-graph-protocol");
 const sortAttrs = require("./sort-attrs");
+const preferHttps = require("./prefer-https");
 
 module.exports = {
   "require-lang": requireLang,
@@ -78,4 +79,5 @@ module.exports = {
   lowercase: lowercase,
   "require-open-graph-protocol": requireOpenGraphProtocol,
   "sort-attrs": sortAttrs,
+  "prefer-https": preferHttps,
 };
diff --git a/packages/eslint-plugin/lib/rules/prefer-https.js b/packages/eslint-plugin/lib/rules/prefer-https.js
@@ -0,0 +1,106 @@
+/**
+ * @typedef { import("../types").RuleModule } RuleModule
+ * @typedef { import("../types").Tag } Tag
+ * @typedef { import("../types").ScriptTag } ScriptTag
+ * @typedef { import("../types").Attribute } Attribute
+ * @typedef { import("../types").AttributeValue } AttributeValue
+ */
+
+const { RULE_CATEGORY } = require("../constants");
+const { findAttr, isScript } = require("./utils/node");
+const { createVisitors } = require("./utils/visitors");
+
+const MESSAGE_IDS = {
+  UNEXPECTED: "unexpected",
+};
+
+/**
+ * @param {string} url
+ */
+function getProtocol(url) {
+  try {
+    return new URL(url).protocol;
+  } catch (e) {
+    return null;
+  }
+}
+
+/**
+ * @param {Tag | ScriptTag} node
+ * @returns {AttributeValue | undefined}
+ */
+function getResourceAttributeValue(node) {
+  /**
+   * @type {Attribute | undefined}
+   */
+  let attribute;
+  if (isScript(node)) {
+    attribute = findAttr(node, "src");
+  } else {
+    switch (node.name.toLowerCase()) {
+      case "img":
+      case "iframe":
+      case "audio":
+      case "video":
+      case "source":
+      case "embed": {
+        attribute = findAttr(node, "src");
+        break;
+      }
+      case "link": {
+        attribute = findAttr(node, "href");
+        break;
+      }
+      case "object": {
+        attribute = findAttr(node, "data");
+        break;
+      }
+    }
+  }
+  if (attribute) {
+    return attribute.value;
+  }
+  return undefined;
+}
+
+/**
+ * @type {RuleModule}
+ */
+module.exports = {
+  meta: {
+    type: "code",
+    docs: {
+      description: "Prefer to use HTTPS for embedded resources",
+      recommended: false,
+      category: RULE_CATEGORY.BEST_PRACTICE,
+    },
+    fixable: false,
+    schema: [],
+    messages: {
+      [MESSAGE_IDS.UNEXPECTED]: "Unexpected use of 'http' protocol",
+    },
+  },
+
+  create(context) {
+    /**
+     * @param {Tag | ScriptTag} node
+     */
+    function check(node) {
+      const attributeValue = getResourceAttributeValue(node);
+      if (attributeValue && !attributeValue.templates.length) {
+        const protocol = getProtocol(attributeValue.value);
+        if (protocol === "http:") {
+          context.report({
+            node: attributeValue,
+            messageId: MESSAGE_IDS.UNEXPECTED,
+          });
+        }
+      }
+    }
+
+    return createVisitors(context, {
+      ScriptTag: check,
+      Tag: check,
+    });
+  },
+};
diff --git a/packages/eslint-plugin/lib/rules/utils/node.js b/packages/eslint-plugin/lib/rules/utils/node.js
@@ -160,6 +160,22 @@ function isTag(node) {
   return node.type === NODE_TYPES.Tag;
 }
 
+/**
+ * @param {AnyNode} node
+ * @returns {node is ScriptTag}
+ */
+function isScript(node) {
+  return node.type === NODE_TYPES.ScriptTag;
+}
+
+/**
+ * @param {AnyNode} node
+ * @returns {node is StyleTag}
+ */
+function isStyle(node) {
+  return node.type === NODE_TYPES.StyleTag;
+}
+
 /**
  * @param {AnyNode} node
  * @returns {node is Comment}
@@ -223,6 +239,8 @@ module.exports = {
   isComment,
   isText,
   isLine,
+  isScript,
+  isStyle,
   isOverlapWithTemplates,
   codeToLines,
   isRangesOverlap,

diff --git a/packages/eslint-plugin/tests/rules/prefer-https.test.js b/packages/eslint-plugin/tests/rules/prefer-https.test.js
@@ -0,0 +1,22 @@
+const createRuleTester = require("../rule-tester");
+const rule = require("../../lib/rules/prefer-https");
+
+const ruleTester = createRuleTester();
+
+ruleTester.run("quotes", rule, {
+  valid: [
+    {
+      code: `<img src="https://image.png">`,
+    },
+  ],
+  invalid: [
+    {
+      code: `<img src="http://image.png">`,
+      errors: [
+        {
+          messageId: "unexpected",
+        },
+      ],
+    },
+  ],
+});