useIframeSandbox
此内容尚不支持你的语言。
Summary
Section titled “Summary”- Rule available since:
v2.4.12 - Diagnostic Category:
lint/nursery/useIframeSandbox - This rule doesn’t have a fix.
- The default severity of this rule is warning.
How to configure
Section titled “How to configure”{ "linter": { "rules": { "nursery": { "useIframeSandbox": "error" } } }}Description
Section titled “Description”Enforce the ‘sandbox’ attribute for ‘iframe’ elements.
The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using the sandbox attribute is considered a good security practice.
See the Mozilla docs for details.
Examples
Section titled “Examples”Invalid
Section titled “Invalid”<iframe src="https://example.com"></iframe>code-block.html:1:1 lint/nursery/useIframeSandbox ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠ Iframe doesn’t have the sandbox attribute.
> 1 │ <iframe src=“https://example.com"></iframe>
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2 │
ℹ The sandbox attribute enables an extra set of restrictions for the content in the iframe, protecting against malicious scripts and other security threats.
ℹ Provide a sandbox attribute when using iframe elements.
ℹ This rule belongs to the nursery group, which means it is not yet stable and may change in the future. Visit https://biomejs.dev/linter/#nursery for more information.
<iframe src="https://example.com" sandbox="allow-popups"></iframe>Related links
Section titled “Related links”Summary
Section titled “Summary”- Rule available since:
v2.4.12 - Diagnostic Category:
lint/nursery/useIframeSandbox - This rule doesn’t have a fix.
- The default severity of this rule is warning.
- Sources:
- Inspired from
react-dom/no-missing-iframe-sandbox - Same as
@eslint-react/dom-no-missing-iframe-sandbox
- Inspired from
How to configure
Section titled “How to configure”{ "linter": { "rules": { "nursery": { "useIframeSandbox": "error" } } }}Description
Section titled “Description”Enforce the ‘sandbox’ attribute for ‘iframe’ elements.
The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using the sandbox attribute is considered a good security practice.
See the Mozilla docs for details.
Examples
Section titled “Examples”Invalid
Section titled “Invalid”function MyComponent() { return <iframe src="https://example.com" />;}code-block.jsx:2:10 lint/nursery/useIframeSandbox ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠ Iframe doesn’t have the sandbox attribute.
1 │ function MyComponent() {
> 2 │ return <iframe src=“https://example.com” />;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
3 │ }
4 │
ℹ The sandbox attribute enables an extra set of restrictions for the content in the iframe, protecting against malicious scripts and other security threats.
ℹ Provide a sandbox attribute when using iframe elements.
ℹ This rule belongs to the nursery group, which means it is not yet stable and may change in the future. Visit https://biomejs.dev/linter/#nursery for more information.
function MyComponent() { return <iframe src="https://example.com" sandbox="allow-popups" />;}Related links
Section titled “Related links”Sponsored by
Copyright (c) 2023-present Biome Developers and Contributors.