github/unescaped-html-literal

📝 Disallow unescaped HTML literals.

💼 This rule is enabled in the 🔍 browser config.

Rule Details

Constructing raw HTML with string literals is error-prone and may lead to security issues, because interpolated values are inserted into the markup without escaping.

Instead, use lit-html's html tagged template literal to safely construct HTML literal strings. Alternatively, you can implement your own html tagged template literal function, or use document builder APIs like document.createElement.

👎 Examples of incorrect code for this rule:

const title = `<h1>Hello ${name}!</h1>`

👍 Examples of correct code for this rule:

// good
const title = html`<h1>Hello ${name}!</h1>`
// also good
const title = document.createElement('h1')
title.textContent = `Hello ${name}!`
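
One way to write your own html tagged template literal function, as an added example that is not code from eslint-plugin-github or lit-html. The names SafeHTML, escapeHTML and renderValue and the sample input are assumptions made for illustration.

```javascript
// Added example: a minimal escaping `html` tag. Helper names are hypothetical.
const ESCAPES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'}

// Marks a string as markup that was produced by `html` and is already escaped.
class SafeHTML {
  constructor(value) {
    this.value = value
  }
  toString() {
    return this.value
  }
}

// Replace the five characters that are significant in HTML text and
// quoted attribute values with their entity references.
function escapeHTML(value) {
  return String(value).replace(/[&<>"']/g, ch => ESCAPES[ch])
}

// Decide how one interpolated value is rendered.
function renderValue(value) {
  if (value instanceof SafeHTML) return value.value // nested html`` result, not re-escaped
  if (Array.isArray(value)) return value.map(renderValue).join('')
  if (value === null || value === undefined) return ''
  return escapeHTML(value) // everything else is treated as untrusted text
}

// Tag function: the literal parts are trusted, the interpolations are not.
function html(strings, ...values) {
  let out = strings[0]
  values.forEach((value, i) => {
    out += renderValue(value) + strings[i + 1]
  })
  return new SafeHTML(out)
}

// Constructed sample input containing markup characters.
const untrustedName = '<em>Ada</em> & "Co"'

// What the rule flags: the value lands in the markup unescaped.
const unsafeTitle = `<h1>Hello ${untrustedName}!</h1>`
// With the tag: the value is escaped, nested templates and arrays compose.
const safeTitle = html`<h1>Hello ${untrustedName}!</h1>`
const safeList = html`<ul>${['a&b', '<i>'].map(item => html`<li>${item}</li>`)}</ul>`
```

This escaping is only sufficient for element text and quoted attribute values. Values placed inside script or style elements, URL attributes or unquoted attributes need context-specific handling.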

Version

4.3.2