Migrate rule from TSLint: react-iframe-missing-sandbox

[tosmolka]

We would like to port react-iframe-missing-sandbox from tslint-microsoft-contrib into ESLint and this plugin seems like a good place to put it.

See initial PR:
#2753

Any feedback will be appreciated!

[ljharb]

What is the purpose of this rule?

A PR is premature before it's clear this is a rule we want.

[tosmolka]

We use this rule internally to remind engineers to follow security best practices and use "sandbox" attribute on iframes to enable only the functionality that is required. PR is here to show what the rule actually does.

I'll certainly leave it for your consideration. More reading on the iframe sandbox, if needed:

• https://medium.com/the-thinkmill/how-to-safely-inject-html-in-react-using-an-iframe-adc775d458bc
• https://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
• https://html.com/attributes/iframe-sandbox/
• https://www.w3schools.com/tags/att_iframe_sandbox.asp

[tosmolka]

@ljharb , any news regarding the proposal? Thank you.

[ljharb]

@tosmolka i think this is fine - let's go with iframe-missing-sandbox, and let's make sure that it works for both jsx and React.createElement.