Skip to content
This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

Latest commit

 

History

History
70 lines (51 loc) · 1.73 KB

no-unescaped-entities.md

File metadata and controls

70 lines (51 loc) · 1.73 KB

Prevent invalid characters from appearing in markup (no-unescaped-entities)

This rule prevents characters that you may have meant as JSX escape characters from being accidentally injected as a text node in JSX statements.

For example, if one were to misplace their closing > in a tag:

<MyComponent
  name="name"
  type="string"
  foo="bar">  {/* oops! */}
  x="y">
  Body Text
</MyComponent>

The body text of this would render as x="y"> Body Text, which is probably not what was intended. This rule requires that these special characters are escaped if they appear in the body of a tag.

Another example is when one accidentally includes an extra closing brace.

<MyComponent>{'Text'}}</MyComponent>

The extra brace will be rendered, and the body text will be Text}.

This rule will also check for " and ', which might be accidentally included when the closing > is in the wrong place.

<MyComponent
  a="b">  {/* oops! */}
  c="d"
  Intended body text
</MyComponent>

The preferred way to include one of these characters is to use the HTML escape code.

  • > can be replaced with &gt;
  • " can be replaced with &quot;, &ldquo; or &rdquo;
  • ' can be replaced with &apos;, &lsquo; or &rsquo;
  • } can be replaced with &#125;

Alternatively, you can include the literal character inside a subexpression (such as <div>{'>'}</div>.

The characters < and { should also be escaped, but they are not checked by this rule because it is a syntax error to include those tokens inside of a tag.

Rule Details

The following patterns are considered warnings:

<div> > </div>

The following patterns are not considered warnings:

<div> &gt; </div>
<div> {'>'} </div>