Add suggestions for no-template-target-blank rule (#2111)

vuejs · Mar 22, 2023 · cfbfa12 · cfbfa12
1 parent dd3df38
commit cfbfa12
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 6 deletions.
diff --git a/lib/rules/no-template-target-blank.js b/lib/rules/no-template-target-blank.js
@@ -67,6 +67,32 @@ function hasDynamicLink(node) {
   )
 }
 
+/**
+ * @param {VAttribute} node
+ * @returns {Rule.SuggestionReportDescriptor}
+ */
+function getSuggestion(node) {
+  const relAttributeNode = node.parent.attributes.find(
+    (attribute) => attribute.key.name === 'rel'
+  )
+
+  if (relAttributeNode) {
+    return {
+      desc: 'Change `rel` attribute value to `noopener noreferrer`.',
+      fix(fixer) {
+        return fixer.replaceText(relAttributeNode, 'rel="noopener noreferrer"')
+      }
+    }
+  }
+
+  return {
+    desc: 'Add `rel="noopener noreferrer"`.',
+    fix(fixer) {
+      return fixer.insertTextAfter(node, ' rel="noopener noreferrer"')
+    }
+  }
+}
+
 module.exports = {
   meta: {
     type: 'problem',
@@ -76,6 +102,7 @@ module.exports = {
       categories: undefined,
       url: 'https://eslint.vuejs.org/rules/no-template-target-blank.html'
     },
+    hasSuggestions: true,
     schema: [
       {
         type: 'object',
@@ -118,7 +145,8 @@ module.exports = {
           context.report({
             node,
             message:
-              'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+              'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+            suggest: [getSuggestion(node)]
           })
         }
       }

diff --git a/tests/lib/rules/no-template-target-blank.js b/tests/lib/rules/no-template-target-blank.js
@@ -49,31 +49,81 @@ ruleTester.run('no-template-target-blank', rule, {
     {
       code: '<template><a href="https://eslint.vuejs.org" target="_blank">link</a></template>',
       errors: [
-        'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+        {
+          message:
+            'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+          suggestions: [
+            {
+              desc: 'Add `rel="noopener noreferrer"`.',
+              output:
+                '<template><a href="https://eslint.vuejs.org" target="_blank" rel="noopener noreferrer">link</a></template>'
+            }
+          ]
+        }
       ]
     },
     {
       code: '<template><a href="https://eslint.vuejs.org" target="_blank" rel="noopenernoreferrer">link</a></template>',
       errors: [
-        'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+        {
+          message:
+            'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+          suggestions: [
+            {
+              desc: 'Change `rel` attribute value to `noopener noreferrer`.',
+              output:
+                '<template><a href="https://eslint.vuejs.org" target="_blank" rel="noopener noreferrer">link</a></template>'
+            }
+          ]
+        }
       ]
     },
     {
       code: '<template><a :href="link" target="_blank" rel=3>link</a></template>',
       errors: [
-        'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+        {
+          message:
+            'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+          suggestions: [
+            {
+              desc: 'Change `rel` attribute value to `noopener noreferrer`.',
+              output:
+                '<template><a :href="link" target="_blank" rel="noopener noreferrer">link</a></template>'
+            }
+          ]
+        }
       ]
     },
     {
       code: '<template><a :href="link" target="_blank">link</a></template>',
       errors: [
-        'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+        {
+          message:
+            'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+          suggestions: [
+            {
+              desc: 'Add `rel="noopener noreferrer"`.',
+              output:
+                '<template><a :href="link" target="_blank" rel="noopener noreferrer">link</a></template>'
+            }
+          ]
+        }
       ]
     },
     {
       code: '<template><a href="https://eslint.vuejs.org" target="_blank" rel="noopener">link</a></template>',
       errors: [
-        'Using target="_blank" without rel="noopener noreferrer" is a security risk.'
+        {
+          message:
+            'Using target="_blank" without rel="noopener noreferrer" is a security risk.',
+          suggestions: [
+            {
+              desc: 'Change `rel` attribute value to `noopener noreferrer`.',
+              output:
+                '<template><a href="https://eslint.vuejs.org" target="_blank" rel="noopener noreferrer">link</a></template>'
+            }
+          ]
+        }
       ]
     }
   ]