Skip to content

fix(no-v-html): add CallExpression support to ignorePattern option #2950

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 11, 2025
Merged

fix(no-v-html): add CallExpression support to ignorePattern option #2950

merged 3 commits into from
Nov 11, 2025
+35 −3

Conversation

@kzhrk
Copy link
Contributor

@kzhrk kzhrk commented Nov 8, 2025

Closes #2949

Extends the ignorePattern option to support CallExpression (function call)
patterns like $sanitize(test), previously only supporting simple identifiers.

This allows users to ignore sanitized HTML expressions using patterns such as
^\$sanitize\(.

@changeset-bot
Copy link

changeset-bot bot commented Nov 8, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 72e48a4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
eslint-plugin-vue Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@kzhrk kzhrk marked this pull request as draft November 8, 2025 06:07
@kzhrk
fix(no-v-html): add CallExpression support to ignorePattern option (v…
b9ebc7e 
…uejs#2949)

This commit extends the `ignorePattern` option to support function call expressions
like `$sanitize(test)`, not just simple variable identifiers like `htmlSafe`.

Changes:
- Add new `shouldIgnore()` helper function that handles both Identifier and
  CallExpression expression types
- For Identifiers, use the `name` property directly for optimal performance
- For CallExpressions and other expression types, use `sourceCode.getText()`
  to get the full expression text
- Update the visitor to pass `sourceCode` to the new helper function

This allows users to configure patterns like `^\$sanitize\(` to match function
call expressions where the function name matches the pattern.

Tests:
- Add test case for CallExpression matching with ignorePattern `^\$sanitize\(`
- All existing tests continue to pass
@kzhrk kzhrk marked this pull request as ready for review November 8, 2025 06:14
FloEdelmann
FloEdelmann requested changes Nov 10, 2025
View reviewed changes
Copy link
Member

@FloEdelmann FloEdelmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for looking into it and fixing the core issue! This looks really good 🙂

I just have two minor suggestion.

@FloEdelmann FloEdelmann requested a review from Copilot November 10, 2025 08:21
Copilot AI reviewed Nov 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR extends the ignorePattern option in the no-v-html rule to support matching complex expressions like CallExpression (e.g., $sanitize(test)), not just simple identifiers. This allows users to whitelist sanitization function calls.

Key changes:

  • Refactored the ignore pattern matching logic into a reusable shouldIgnore helper function
  • Added support for matching any expression type by getting the full text when it's not a simple identifier
  • Added a test case demonstrating the new CallExpression pattern matching capability

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
lib/rules/no-v-html.js Introduced shouldIgnore helper function to handle pattern matching for both Identifiers and complex expressions like CallExpression
tests/lib/rules/no-v-html.js Added valid test case for CallExpression pattern matching with $sanitize() function
.changeset/add-callexpression-support.md Added changeset documenting the patch-level fix

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

FloEdelmann and others added 2 commits November 10, 2025 09:23
@FloEdelmann
Standardize changeset wording
0e52bb8
@FloEdelmann
Use getSourceCode function
72e48a4 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@kzhrk
Copy link
Contributor Author

kzhrk commented Nov 10, 2025

@FloEdelmann
Thanks for the fixes and the quick follow-up commits!😊

ota-meshi
ota-meshi approved these changes Nov 11, 2025
View reviewed changes
Copy link
Member

@ota-meshi ota-meshi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you!

@ota-meshi ota-meshi merged commit 9581472 into vuejs:master Nov 11, 2025
15 checks passed
@github-actions github-actions bot mentioned this pull request Nov 11, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@FloEdelmann FloEdelmann FloEdelmann approved these changes

@ota-meshi ota-meshi ota-meshi approved these changes

@waynzh waynzh Awaiting requested review from waynzh

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

vue/no-v-html ignorePattern regex escaping causes different behavior in VS Code vs CLI

3 participants

@kzhrk @FloEdelmann @ota-meshi