no-missing-iframe-sandbox

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom/no-missing-iframe-sandbox

Presets

• dom
• recommended
• recommended-typescript
• recommended-type-checked

Description

Enforces explicit sandbox attribute for iframe elements.

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using sandbox attribute is considered a good security practice.

Examples

This rule checks all React iframe elements and verifies that there is sandbox attribute and that it's value is valid.

Failing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  //     - Missing 'sandbox' attribute on iframe component.
}

Passing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}

Implementation

• Rule source
• Test source

Further Reading

• MDN: iframe - sandbox

See Also

• no-missing-button-type
  Enforces explicit type attribute for button elements.
• no-unsafe-iframe-sandbox
  Enforces sandbox attribute for iframe elements is not set to unsafe combinations.