eslint-plugin-xss

![NPM version](https://www.npmjs.com/package/eslint-plugin-xss)
![Build Status](https://travis-ci.org/Rantanen/eslint-plugin-xss)
![Codecov](https://codecov.io/gh/Rantanen/eslint-plugin-xss)
![Codacy](https://www.codacy.com/app/jubjub/eslint-plugin-xss)

Tries to detect XSS issues in codebase before they end up in production.

Installation

You'll first need to install ESLint:

``$ npm install eslint --save-dev`

Next, install eslint-plugin-xss:

`$ npm install eslint-plugin-xss --save-dev`

Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-xss globally.

`Usage`

Add xss to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:

`json { "plugins": [ "xss" ] }`

Then configure the rules you want to use under the rules section.

`json { "rules": { "xss/rule-name": 2 } }`

Or:

Enable all rules by adding the following to your .eslintrc configuration file

`json { "extends": [ "plugin:xss/recommended" ] }``

Supported Rules

* xss/no-mixed-html: Warn about possible XSS issues.
* xss/no-location-href-assign: Warn when trying to modify location.href.