From 327482358c681055963cf6c27d4a4fdd48bf8282 Mon Sep 17 00:00:00 2001
From: Andreas Stassivik <andreas@stassi.net>
Date: Fri, 27 Sep 2024 19:53:13 -0700
Subject: [PATCH 1/4] npm install `eslint-plugin-no-unsanitized@^4.1.1`

---
 package-lock.json | 11 +++++++++++
 package.json      |  1 +
 2 files changed, 12 insertions(+)

diff --git a/package-lock.json b/package-lock.json
index 3f94171..26f46b3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -42,6 +42,7 @@
         "eslint-plugin-import": "^2.30.0",
         "eslint-plugin-jest": "^28.8.3",
         "eslint-plugin-jsonc": "^2.16.0",
+        "eslint-plugin-no-unsanitized": "^4.1.1",
         "eslint-plugin-prettier": "^5.2.1",
         "expect-puppeteer": "^10.1.1",
         "jest": "^29.7.0",
@@ -5702,6 +5703,16 @@
         "node": "*"
       }
     },
+    "node_modules/eslint-plugin-no-unsanitized": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-no-unsanitized/-/eslint-plugin-no-unsanitized-4.1.1.tgz",
+      "integrity": "sha512-N0yf7iYWQAO/qiglZlrASXRf6I/18q9d9NNR5Vw175zgrPduvLfnBwgWwM75D4g4lbrd9uPNXlieaFGWZ40h4A==",
+      "dev": true,
+      "license": "MPL-2.0",
+      "peerDependencies": {
+        "eslint": "^8 || ^9"
+      }
+    },
     "node_modules/eslint-plugin-playwright": {
       "version": "1.6.2",
       "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-1.6.2.tgz",
diff --git a/package.json b/package.json
index 5b73593..e79b7f1 100644
--- a/package.json
+++ b/package.json
@@ -76,6 +76,7 @@
     "eslint-plugin-import": "^2.30.0",
     "eslint-plugin-jest": "^28.8.3",
     "eslint-plugin-jsonc": "^2.16.0",
+    "eslint-plugin-no-unsanitized": "^4.1.1",
     "eslint-plugin-prettier": "^5.2.1",
     "expect-puppeteer": "^10.1.1",
     "jest": "^29.7.0",

From 63eb0bbd099b13fc3580e3e45031a48119d9c07a Mon Sep 17 00:00:00 2001
From: Andreas Stassivik <andreas@stassi.net>
Date: Fri, 27 Sep 2024 19:53:41 -0700
Subject: [PATCH 2/4] eslint configure `eslint-plugin-no-unsanitized`

---
 .eslintrc.cjs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.eslintrc.cjs b/.eslintrc.cjs
index b7c72a7..dc5401a 100644
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -71,6 +71,14 @@ module.exports = {
         ],
       },
     },
+    {
+      files: ['*.js', '*.ts'],
+      plugins: ['no-unsanitized'],
+      rules: {
+        'no-unsanitized/method': 'error',
+        'no-unsanitized/property': 'error',
+      },
+    },
   ],
   parser: '@babel/eslint-parser',
   parserOptions: {

From 77999f1dc26f23478c13a2e85ff98675a28d7a60 Mon Sep 17 00:00:00 2001
From: Andreas Stassivik <andreas@stassi.net>
Date: Fri, 27 Sep 2024 19:55:00 -0700
Subject: [PATCH 3/4] eslint-disable no-unsanitized/property

---
 public/leaflet-adapter/document-object-model/dom-element.js | 1 +
 public/tutorial/choropleth/script/choropleth.js             | 1 +
 2 files changed, 2 insertions(+)

diff --git a/public/leaflet-adapter/document-object-model/dom-element.js b/public/leaflet-adapter/document-object-model/dom-element.js
index 2547943..baa24b0 100644
--- a/public/leaflet-adapter/document-object-model/dom-element.js
+++ b/public/leaflet-adapter/document-object-model/dom-element.js
@@ -12,6 +12,7 @@ export function domElement({ name, style }) {
     },
     element,
     setInnerHtml(innerHtml) {
+      // eslint-disable-next-line no-unsanitized/property -- TODO: Sanitize input
       element.innerHTML = innerHtml
       return innerHtml
     },
diff --git a/public/tutorial/choropleth/script/choropleth.js b/public/tutorial/choropleth/script/choropleth.js
index f5926d9..4c16880 100644
--- a/public/tutorial/choropleth/script/choropleth.js
+++ b/public/tutorial/choropleth/script/choropleth.js
@@ -1,4 +1,5 @@
 /* eslint-disable no-nested-ternary -- copied from tutorial */
+/* eslint-disable no-unsanitized/property -- copied from tutorial */
 
 import { DomUtility } from '../../../leaflet-adapter/document-object-model/dom-utility.js'
 import { control } from '../../../leaflet-adapter/control/control.js'

From 5db014c5cfb0577e154b1c8954611e95f05b27c8 Mon Sep 17 00:00:00 2001
From: Andreas Stassivik <andreas@stassi.net>
Date: Fri, 27 Sep 2024 19:56:06 -0700
Subject: [PATCH 4/4] 0.0.33

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 26f46b3..912926e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@stassi/leaf",
-  "version": "0.0.32",
+  "version": "0.0.33",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@stassi/leaf",
-      "version": "0.0.32",
+      "version": "0.0.33",
       "cpu": [
         "arm64",
         "x64"
diff --git a/package.json b/package.json
index e79b7f1..2673813 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stassi/leaf",
-  "version": "0.0.32",
+  "version": "0.0.33",
   "description": "Leaflet adapter.",
   "keywords": [
     "cartography",