Add support for ReactRenderer in XSS Linter

Description

The new ReactRenderer code needs to be recognized by the XSS Linter. The XSS Linter assumes anything in the Mako template is an HTML context, unless it is taught otherwise. The ReactRenderer introduces a new JavaScript context.

For other similar work, the usage in Mako seemed to use blocks like this example with static:require_module.

You can see how the opening and closing tag is declared in the XSS Linter code here.

Acceptance Criteria:

  • Declare new JavaScript context in XSS Linter with unit tests.

  • Ensure running the linter on a single Mako template with the ReactRenderer works as intended (gives warnings if JavaScript filters are not used). See docs for running the XSS linter on a single file.

  • Review and fix any of these new XSS linter warnings on the few uses today. Otherwise you will be adding in new issues and/or breaking the build by busting the thresholds.

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Status

Assignee

Unassigned

Reporter

Robert Raposa

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Epic Link

Priority

Unset
Configure