forbidden-properties
Learn how to set custom rules to disallow reading from, writing to, and/or calling one or more properties.

Conformance is available on Enterprise plans.

The `forbidden-properties` rule type enables you to disallow reading from, writing to, and/or calling one or more properties.

- Disallowing use of global properties
  - You want to disallow calling `document.write`
  - You want to disallow using browser-only APIs in a component library that may be server-rendered
  - You want to disallow usage of `window.location` in favor of another solution
- Disallowing use of deprecated features
  - You want to disallow using `event.keyCode`
  - You want to disallow specific strings from being used within code

To create a custom `forbidden-properties` rule, you'll need to configure the required properties below:

Property | Type | Description |
---|---|---|
`ruleType` | `"forbidden-properties"` | The custom rule's type. |
`ruleName` | `string` | The custom rule's name. |
`errorMessage` | `string` | The error message, which is shown to users when they encounter this rule. |
`errorLink` | `string` (optional) | An optional link to show alongside the error message. |
`description` | `string` (optional) | The rule description, which is shown in the Vercel Compass dashboard and included in allowlist files. |
`severity` | `"major" \| "minor"` (optional) | The rule severity added to the allowlists and used to calculate a project's conformance score. |
`forbiddenProperties` | `ForbiddenProperty[]` | One or more properties and their forbidden operations. |

Each `ForbiddenProperty` entry has the following properties:

Property | Type | Description |
---|---|---|
`property` | `string` | The property to target. |
`operations` | `{ call?: boolean, read?: boolean, write?: boolean }` | The operation(s) to target. At least one operation is required. |

The example below configures a rule named `NO_DOCUMENT_WRITE_CALLS` that disallows calling `document.write`.

```jsonc
{
  "customRules": [
    {
      "ruleType": "forbidden-properties",
      "ruleName": "NO_DOCUMENT_WRITE_CALLS",
      "errorMessage": "Calling 'document.write' is not allowed.",
      "description": "Disallows calls to `document.write`.",
      "severity": "major",
      "forbiddenProperties": [
        {
          "property": "document.write",
          "operations": {
            "call": true,
          },
        },
      ],
    },
  ],
}
```

Note that a property's assignments are tracked by this custom rule type. Using our example `NO_DOCUMENT_WRITE_CALLS` rule (above), the following calls will both result in errors.

```js
document.write();

const writer = document.write;
writer();
```

The example below enables the `NO_DOCUMENT_WRITE_CALLS` custom rule. In this example, the custom rule is also restricted to the `dashboard` and `marketing-site` workspaces, which is optional.

```jsonc
{
  "overrides": [
    {
      "restrictTo": {
        "workspaces": ["dashboard", "marketing-site"],
      },
      "rules": {
        "CUSTOM.NO_DOCUMENT_WRITE_CALLS": true,
      },
    },
  ],
  "customRules": [
    // ...
  ],
}
```
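
The page's example only uses the `call` operation. The configuration below is an added example, not taken from the original documentation: it applies `read` and `write` operations to two of the use cases listed earlier (`window.location` and `event.keyCode`) in a single rule, and enables it without `restrictTo`. The rule name, messages, and the `errorLink` URL are assumptions made for illustration.

```jsonc
{
  "customRules": [
    {
      "ruleType": "forbidden-properties",
      // Hypothetical rule name, chosen for this example.
      "ruleName": "NO_WINDOW_LOCATION_OR_KEYCODE",
      "errorMessage": "Do not use 'window.location' or 'event.keyCode' directly.",
      // Placeholder URL; point this at your own guidance page.
      "errorLink": "https://example.com/docs/forbidden-properties",
      "description": "Disallows reading from or writing to `window.location`, and reading `event.keyCode`.",
      "severity": "minor",
      "forbiddenProperties": [
        {
          // Forbid both reads and assignments.
          "property": "window.location",
          "operations": { "read": true, "write": true }
        },
        {
          // Deprecated property: forbid reads only.
          "property": "event.keyCode",
          "operations": { "read": true }
        }
      ]
    }
  ],
  "overrides": [
    {
      // No "restrictTo" here, since restricting to workspaces is optional.
      "rules": {
        "CUSTOM.NO_WINDOW_LOCATION_OR_KEYCODE": true
      }
    }
  ]
}
```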