Implement lint rule to disallow components which rely on runtime template compilation
Runtime template compilation requires a larger Vue bundle, and increase the chances of XSS via mixing of templating technologies (e.g., building the template in HAML, and parsing by Vue).
It'd be better to remove all instances of runtime template compilation, which would then allow us to remove the template compiler from the application build.
This issue is only about implementing the linting rule to disallow components to rely on the runtime compiler, but not necessarily fixing any violations (since that is likely non-trivial for templates built by HAML, and perhaps other reasons).
Implementation plan
-
Implement lint rule !33 (merged) -
Enable the rule on gitlab-org/gitlab
gitlab-org/gitlab!52155 (merged) -
Create follow-up epic to rewrite components which rely on a runtime compiler: gitlab-org&5301 (closed)
Edited by Lukas Eipert