microsoft · mkacmar · Oct 3, 2024 · Oct 1, 2024
@@ -84,7 +84,7 @@ We also implemented several [custom rules](./lib/rules) where we did not find su
 | [@microsoft/sdl/no-postmessage-star-origin](./docs/rules/no-postmessage-star-origin.md)                                                                       | Always provide specific target origin, not \* when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.                                                                                                                                              |
 | [@microsoft/sdl/no-unsafe-alloc](./docs/rules/no-unsafe-alloc.md)                                                                                             | When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.                                                            |
 | [@microsoft/sdl/no-winjs-html-unsafe](./docs/rules/no-winjs-html-unsafe.md)                                                                                   | Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](<https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)>) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](<https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)>) instead.                                |
-| [@microsoft/sdl/react-iframe-missing-sandbox](./docs/rules/react-iframe-missing-sandbox.md)                                                                   | The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.                                                                                                                                                                                                           |
+| [react/iframe-missing-sandbox](https://github.com/jsx-eslint/eslint-plugin-react/blob/master/docs/rules/iframe-missing-sandbox.md)                            | The [sandbox](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.                                                                                                                                                                                        |
 | [react/no-danger](https://github.com/yannickcr/eslint-plugin-react/blob/master/docs/rules/no-danger.md)                                                       | Bans usage of `dangerouslySetInnerHTML` property in React as it allows passing unsanitized HTML in DOM.                                                                                                                                                                                                                                                                                     |
 | [@typescript-eslint/no-implied-eval](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/docs/rules/no-implied-eval.md) | Similar to built-in ESLint rule `no-implied-eval`. Bans usage of `setTimeout()`, `setInterval()`, `setImmediate()`, `execScript()` or `new Function()` as they are similar to `eval()` and allow code execution from string arguments.                                                                                                                                                      |
 

@@ -29,15 +29,13 @@ module.exports = (pluginSdl) => {
             enforceDynamicLinks: "always",
             warnOnSpreadAttributes: true
           }
-        ]
+        ],
+        "react/react-iframe-missing-sandbox": "error"
       }
     },
     {
       plugins: {
         "@microsoft/sdl": pluginSdl
-      },
-      rules: {
-        "@microsoft/sdl/react-iframe-missing-sandbox": "error"
       }
     }
   ];

@@ -27,8 +27,7 @@ const plugin = {
     "no-msapp-exec-unsafe": require("./rules/no-msapp-exec-unsafe"),
     "no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"),
     "no-unsafe-alloc": require("./rules/no-unsafe-alloc"),
-    "no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"),
-    "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox")
+    "no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe")
   },
   // Filled in later in order to reference plugin itself.
   configs: {}