coderabbitai · alexcoderabbitai · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 16, 2025
diff --git a/.coderabbit.yml b/.coderabbit.yml
@@ -0,0 +1,2 @@
+reviews:
+  path_filters: ["**/*","*"]
diff --git a/sampleReact.jsx b/sampleReact.jsx
@@ -0,0 +1,11 @@
+function TestComponent() {
+    // ruleid:react-dangerouslysetinnerhtml
+    return <div dangerouslySetInnerHTML={createMarkup()} />;
+}
-function TestComponent() {
-    // ruleid:react-dangerouslysetinnerhtml
-    return <div dangerouslySetInnerHTML={createMarkup()} />;
-}
+function createMarkup() {
+  return { __html: '<strong>Test markup</strong>' };
+}
+
+function TestComponent() {
+    // ruleid:react-dangerouslysetinnerhtml
+    return <div dangerouslySetInnerHTML={createMarkup()} />;
+}
-function TestComponent() {
-    // ruleid:react-dangerouslysetinnerhtml
-    return <div dangerouslySetInnerHTML={createMarkup()} />;
-}
+function createMarkup() {
+  return { __html: '<strong>Test markup</strong>' };
+}
+
+function TestComponent() {
+    // ruleid:react-dangerouslysetinnerhtml
+    return <div dangerouslySetInnerHTML={createMarkup()} />;
+}
+
+function OkComponent() {
+    // OK
+    const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ';
-    const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ';
+    const discordClientKey = process.env.DISCORD_CLIENT_KEY || 'test-key-placeholder';
-    const discordClientKey = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ';
+    const discordClientKey = process.env.DISCORD_CLIENT_KEY || 'test-key-placeholder';
+    return {__html: 'Первый &middot; Второй'};
+}
+
diff --git a/semgrep.yml b/semgrep.yml
@@ -0,0 +1,14 @@
+rules:
+  - id: docs-react-dangerouslysetinnerhtml
+    languages:
+      - typescript
+      - javascript
+    message: >
+      Setting HTML from code is risky because it’s easy to inadvertently expose
+      your users to a cross-site scripting (XSS) attack.
+    pattern-either:
+      - pattern: |
+          <$X dangerouslySetInnerHTML=... />
+      - pattern: |
+          {dangerouslySetInnerHTML: ...}
+    severity: WARNING