# Conformance users:
#
# DO NOT COPY PASTE THESE RULES. If you do, changes to Closure can break your
# build and you also won't get new or improved rules. Instead use this file in
# your project and extend the rules to disable them or to add their whitelists.
### Platform restrictions ###
requirement: {
rule_id: 'closure:callee'
type: BANNED_PROPERTY
error_message: 'Arguments.prototype.callee is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#callee'
value: 'Arguments.prototype.callee'
whitelist_regexp: '.+/closure/goog/base.js' # goog.base uses arguments.callee
whitelist_regexp: '.+/closure/goog/debug/' # legacy stack trace support, etc
# TODO(mlourenco): Fix this? Not sure if possible or not.
whitelist_regexp: '.+/closure/goog/testing/stacktrace.js'
}
requirement: {
rule_id: 'closure:expose'
type: CUSTOM
java_class: 'com.google.javascript.jscomp.ConformanceRules$BanExpose'
error_message: '@expose is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#expose'
}
requirement: {
rule_id: 'closure:throwOfNonErrorTypes'
type: CUSTOM
java_class: 'com.google.javascript.jscomp.ConformanceRules$BanThrowOfNonErrorTypes'
error_message: 'Only Error or Error subclass objects may be thrown. See https://google.github.io/closure-library/develop/conformance_rules.html#throwOfNonErrorTypes'
whitelist_regexp: '.+/closure/goog/storage/' # throws numbers as part of its api
whitelist_regexp: '.+/closure/goog/testing/mock.js' # throws Object in $recordAndThrow
}
requirement: {
rule_id: 'closure:globalVars'
type: CUSTOM
java_class: 'com.google.javascript.jscomp.ConformanceRules$BanGlobalVars'
error_message: 'Global declarations are not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#globalVars'
whitelist: 'javascript/apps/xid/xid.js' # global 'xid'
whitelist_regexp: '.+/closure/goog/base.js' # global 'goog'
whitelist_regexp: '.+/closure/goog/labs/testing/' # global matchers, etc
whitelist_regexp: '.+/closure/goog/locale/locale.js' # dumb api
whitelist_regexp: '.+/closure/goog/testing/' # global assert methods, etc
whitelist_regexp: '.+/closure/goog/tweak/testhelpers.js' # global values
whitelist_regexp: '^Post.*_module$' # injected '_ModuleManager_initialize'
}
requirement: {
rule_id: 'closure:unknownThis'
type: CUSTOM
java_class: 'com.google.javascript.jscomp.ConformanceRules$BanUnknownThis'
error_message: 'References to "this" that are typed as "unknown" are not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#unknownThis'
whitelist_regexp: '.+/closure/goog/base.js'
whitelist_regexp: '.+/closure/goog/debug/errorhandler.js'
whitelist_regexp: '.+/closure/goog/editor/plugins/linkbubble.js'
whitelist_regexp: '.+/closure/goog/editor/plugins/linkdialogplugin.js'
whitelist_regexp: '.+/closure/goog/functions/functions.js'
whitelist_regexp: '.+/closure/goog/memoize/memoize.js'
whitelist_regexp: '.+/closure/goog/pubsub/pubsub.js'
whitelist_regexp: '.+/closure/goog/result/resultutil.js'
whitelist_regexp: '.+/closure/goog/testing/'
whitelist_regexp: '.+/closure/goog/ui/editor/bubble.js'
whitelist_regexp: '.+/closure/goog/ui/editor/toolbarcontroller.js'
whitelist: 'javascript/jsaction/actionflow.js'
whitelist: 'javascript/jfk/activityindicator/activityindicator.js' # Compiler bug? Line 193
}
### Browser tech requirements ###
# This requirement is somewhat Google-specific: open-source Closure users that
# don't use GAPI could reasonably ignore it depending on how they do messaging
# in their app.
requirement: {
rule_id: 'closure:postMessage'
type: BANNED_PROPERTY_CALL
error_message: 'Window.prototype.postMessage is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#postMessage'
value: 'Window.prototype.postMessage'
# Known-safe common infrastructure.
whitelist_regexp: '.+/closure/goog/async/nexttick.js'
whitelist_regexp: '.+/closure/goog/net/xpc/nativemessagingtransport.js'
# TODO(user): make sure this gets security reviewed (b/29333525).
whitelist_regexp: '.+/closure/goog/messaging/portchannel.js'
}
### Security: forbid DOM properties and functions which can cause XSS ###
# These are properties and functions which might have safe wrappers under
# goog.dom.safe. Two groups: properties and functions which accept
# HTML/CSS/script-as-string, properties and function which accept URLs.
#### DOM properties and functions which accept HTML/CSS/script-as-string #####
requirement: {
rule_id: 'closure:eval'
# TODO(jakubvrana): Change to BANNED_NAME_CALL after cl/154708486 lands.
type: BANNED_NAME
error_message: 'eval is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#eval'
value: 'eval'
value: 'execScript'
value: 'goog.globalEval'
whitelist_regexp: '.+/closure/goog/base.js' # goog.module loading in uncompiled code.
whitelist_regexp: '.+/closure/goog/debug/errorhandler.js' # wraps setTimeout and similar functions
whitelist_regexp: '.+/closure/goog/json/json.js' # used in goog.json.parse
whitelist_regexp: '.+/closure/goog/module/loader.js'
whitelist_regexp: '.+/closure/goog/module/moduleloader.js'
}
requirement: {
rule_id: 'closure:windowEval'
type: BANNED_PROPERTY_CALL
error_message: 'window.eval is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#eval'
value: 'Window.prototype.eval'
value: 'Window.prototype.execScript'
whitelist_regexp: '.+/closure/goog/base.js'
# TODO(jakubvrana): To be investigated.
whitelist_regexp: '.+/closure/goog/net/xpc/nixtransport.js'
}
requirement: {
rule_id: 'closure:stringFunctionDefinition'
type: RESTRICTED_NAME_CALL
error_message: 'Function, setTimeout, setInterval and requestAnimationFrame are not allowed with string argument. See https://google.github.io/closure-library/develop/conformance_rules.html#eval'
value: 'Function:function()'
value: 'setTimeout:function(Function, ...?)'
value: 'setInterval:function(Function, ...?)'
value: 'requestAnimationFrame:function(Function, ...?)'
}
requirement: {
rule_id: 'closure:windowStringFunctionDefinition'
type: RESTRICTED_METHOD_CALL
error_message: 'window.setTimeout, setInterval and requestAnimationFrame are not allowed with string argument. See https://google.github.io/closure-library/develop/conformance_rules.html#eval'
value: 'Window.prototype.setTimeout:function(Function, ...?)'
value: 'Window.prototype.setInterval:function(Function, ...?)'
value: 'Window.prototype.requestAnimationFrame:function(Function, ...?)'
}
requirement: {
rule_id: 'closure:innerHtml'
type: BANNED_PROPERTY_NON_CONSTANT_WRITE
error_message: 'Assignment to Element.prototype.innerHTML is not allowed. See https://google.github.io/closure-library/develop/conformance_rules.html#innerHtml'
value: 'Element.prototype.innerHTML'
# Safe wrapper for this property.
whitelist_regexp: '.+/closure/goog/dom/safe.js'
# Safe DOM Tree Processor and HTML sanitizer, which use it safely in order to
# have the browser parse an HTML string using an inert DOM.
whitelist_regexp: '.+/closure/goog/html/sanitizer/htmlsanitizer.js'
whitelist_regexp: '.+/closure/goog/html/sanitizer/safedomtreeprocessor.js'
# Safely used in goog.string.unescapeEntitiesUsingDom_; the string assigned to
# innerHTML is a single HTML entity.
whitelist_regexp: '.+/closure/goog/string/string.js'
# goog.soy.renderElement and renderAsElement. Safe if used with Strict Soy
# templates.
whitelist_regexp: '.+/closure/goog/soy/soy.js'
whitelist_regexp: '.+/closure/goog/dom/browserrange/ierange.js'
whitelist_regexp: '.+/closure/goog/editor/'
whitelist_regexp: '.+/closure/goog/style/style.js'
whitelist_regexp: '.+/closure/goog/testing/'
}
requirement: {
rule_id: 'closure:outerHtml'
type: