We recommend looking at https://github.com/mozilla/eslint-plugin-no-unsanitized if you are interested in xss-prevention techniques.
If you want something like ScanJS using ESLint, this is the config file.
```sh
npm -g install
cp -v .eslintrc ~/.scanjs-eslintrc
```

Then, to scan a project:

```sh
cd project-to-scan/
eslint --no-eslintrc -c ~/.scanjs-eslintrc .
```
- Open the Settings dialog and navigate to Languages & Frameworks → JavaScript → Code Quality Tools → ESLint.
- Enable ESLint and make sure your settings match your installation: use a globally installed eslint package; the installer will place it in `/usr/lib/node_modules/eslint` or `/usr/local/lib/node_modules/eslint`.
- Supply the config path `~/.scanjs-eslintrc`.
- Reset the default rules by providing extra eslint options, so that only the provided config is used. This disables the default eslint rules, which check for coding style, not security: `--no-eslintrc -c ~/.scanjs-eslintrc .`