Eslint Security Static Analysis | DOM-based Cross Site Scripting Vulnerability
Content
A Web Security Health Check reported DOM-based Cross-Site Scripting vulnerabilities, so ESLint security static analysis was installed to get more detailed information.
$ sudo apt-get install npm
#@ref http://stackoverflow.com/a/38720816
On Ubuntu Trusty 14.04, this is required instead:
$ curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
$ sudo apt-get install npm
Then:
$ npm install eslint
$ npm install eslint-plugin-scanjs-rules
$ npm install eslint-plugin-no-unsafe-innerhtml
#@ref https://www.npmjs.com/package/eslint
# /home/user/node_modules
#@ref https://github.com/nodejs/node-v0.x-archive/issues/3911
The symlink below is needed because of this error:
/usr/bin/env: ‘node’: No such file or directory
$ sudo ln -s /usr/bin/nodejs /usr/bin/node
Scan .js files:
$ find ~/www/ -name "*js"
$ ~/node_modules/.bin/eslint ~/www/*/js/
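ESLint runs plugin rules only when a configuration file enables them, and the steps above install the plugins without showing one. The following `.eslintrc.json` is an added example, not part of the original post; its location (`~/www/.eslintrc.json`) and the choice to enable only the `no-unsafe-innerhtml` rule are assumptions.

```json
{
  // Constructed example configuration; assumed to be saved as ~/www/.eslintrc.json
  // so that ESLint finds it for every file scanned under ~/www/.
  "root": true,
  "env": { "browser": true },
  "plugins": [
    "no-unsafe-innerhtml",
    "scanjs-rules"
  ],
  "rules": {
    // Report innerHTML/outerHTML assignments and insertAdjacentHTML calls
    // whose value is not a string literal (2 = error).
    "no-unsafe-innerhtml/no-unsafe-innerhtml": 2
    // scanjs-rules checks are enabled the same way, as "scanjs-rules/<rule name>";
    // take the rule names from the installed plugin rather than guessing them.
  }
}
```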
Appendix
On Ubuntu Trusty 14.04, the error below occurred because the older npm (http://packages.ubuntu.com/trusty/web/npm) did not support it:
$ dpkg -l nodejs | grep "^ii"
Error:
/home/user/node_modules/eslint/lib/cli.js:18
let fs = require("fs"),
^^^
SyntaxError: Unexpected strict mode reserved word
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object.<anonymous> (/home/user/node_modules/eslint/bin/eslint.js:29:11)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
It was necessary to download and install version 4.x:
$ curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
$ sudo apt-get install npm
References
- https://github.com/mozfreddyb/eslint-config-scanjs
- https://pages.18f.gov/before-you-ship/security/static-analysis/
- DOM based XSS Prevention Cheat Sheet | OWASP.ORG
- Testing for Cross site scripting | OWASP.ORG