diff --git a/docs/rules/unescaped-html-literal.md b/docs/rules/unescaped-html-literal.md
index 6f08bc3b..3afc4c70 100644
--- a/docs/rules/unescaped-html-literal.md
+++ b/docs/rules/unescaped-html-literal.md
@@ -8,7 +8,7 @@
 Constructing raw HTML with string literals is error prone and may lead to security issues.
-Instead use [`lit-html`](https://github.com/Polymer/lit-html)'s `html` tagged template literal to safely construct HTML literal strings. Alternatively, you can use document builder APIs like `document.createElement`.
+Instead use [`lit-html`](https://github.com/Polymer/lit-html)'s `html` tagged template literal to safely construct HTML literal strings. Alternatively, you can implement your own `html` tagged template literal function, or use document builder APIs like `document.createElement`.
 👎 Examples of **incorrect** code for this rule:
diff --git a/lib/rules/unescaped-html-literal.js b/lib/rules/unescaped-html-literal.js
index d8a7c6fd..fb6c8dc4 100644
--- a/lib/rules/unescaped-html-literal.js
+++ b/lib/rules/unescaped-html-literal.js
@@ -15,7 +15,7 @@ export default {
 },
 create(context) {
- const htmlOpenTag = /^<[a-zA-Z]/
+ const htmlOpenTag = /^\s*<[a-zA-Z]/
 return {
 Literal(node) {
diff --git a/tests/unescaped-html-literal.js b/tests/unescaped-html-literal.js
index f9b66ef7..6f8ccb95 100644
--- a/tests/unescaped-html-literal.js
+++ b/tests/unescaped-html-literal.js
@@ -57,6 +57,16 @@ ruleTester.run('unescaped-html-literal', rule, {
 },
 ],
 },
+ {
+ code: "const helloHTML = ` \n\t
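Review bot: The relaxed `htmlOpenTag` pattern in `lib/rules/unescaped-html-literal.js` is still anchored to the start of the literal, so a string whose markup follows any non-whitespace text is not reported. That limit deserves a comment, so the rule is not read as a complete check for HTML built from strings. Above the declaration I would add `// Flags literals that begin with an opening tag, optionally preceded by whitespace; markup later in the string is not detected.` The `create` body continues outside the hunk, so whether the template-literal visitor reuses this same regex cannot be confirmed from the lines shown.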