no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom/no-missing-iframe-sandbox

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Features

🔧

Presets

strict strict-typescript strict-type-checked

Description

Enforces an explicit sandbox attribute for iframe elements.

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using the sandbox attribute is considered a good security practice.

Examples

This rule checks all React iframe elements and verifies that there is a sandbox attribute and that its value is valid.

Failing

import React from "react";

function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  //     - Missing 'sandbox' attribute on iframe component.
}

Passing

import React from "react";

function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}

Implementation

• Rule Source
• Test Source

Further Reading

• MDN iframe sandbox

See Also

• no-missing-button-type
  Enforces an explicit type attribute for button elements.
• no-unsafe-iframe-sandbox
  Enforces that the sandbox attribute for iframe elements is not set to unsafe combinations.