no-missing-iframe-sandbox

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom/no-missing-iframe-sandbox

Features

🔍

Presets

• dom
• recommended
• recommended-typescript
• recommended-type-checked

What it does

Enforces explicit sandbox attribute for iframe elements.

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using sandbox attribute is considered a good security practice.

Examples

This rule checks all React iframe elements and verifies that there is sandbox attribute and that it's value is valid.

Failing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  //     - Missing 'sandbox' attribute on iframe component.
}

Passing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}

Implementation

• Rule source
• Test source

Further Reading

• MDN: iframe - sandbox

See Also

• no-missing-button-type
  Enforces explicit type attribute for button elements.
• no-unsafe-iframe-sandbox
  Enforces sandbox attribute for iframe elements is not set to unsafe combinations.