Provide more context in call_setTimeout
#17
Conversation
The [original rule that this seems to be based on](https://github.com/mozilla/scanjs/blob/master/common/rules.json#L35) has more context about _why_ `setTimeout` can be dangerous. This commit simply copy+pastes from the original scanjs rule to the eslint rule.
|
Hm, taking this patch would this one rule stand out whereas others just got the terse boilerplate text. I'm not sure about the benefits here. Do you intend to change all of them later? What's the actualy goal here? :-) |
|
@mozfreddyb thanks for looking at this! I do indeed think it's a good idea to change every message for which there is additional context in the original scanjs rule. However, I wasn't sure what kind of appetite existed for these changes. I created this PR to test the waters before trying to change all the messages 😊 What do you think about providing the original scanjs context in general? |
|
Yeah, it's good you were testing the water. Don't let my responsiveness fool you. I don't have the time to maintain this repo properly. If you intend to patch it, I suggest you operate in a fork. If you intend to contribute to active Mozilla / Security projects, I can give you more pointers. |
The original rule that this seems to be based on has more context about why
setTimeoutcan be dangerous. This commit simply copy+pastes from the original scanjs rule to the eslint rule.