Ulas Kalayci
29 lines
844 B
Bash
Executable File
29 lines
844 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
INPUT=$(cat)
|
|
FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty')
|
|
|
|
case "$FILE_PATH" in
|
|
*.js|*.mjs|*.html) ;;
|
|
*) exit 0 ;;
|
|
esac
|
|
|
|
[ -f "$FILE_PATH" ] || exit 0
|
|
|
|
MATCHES=$(grep -nE '\.innerHTML[[:space:]]*[+]?=[^=]' "$FILE_PATH" || true)
|
|
|
|
if [ -n "$MATCHES" ]; then
|
|
jq -n --arg matches "$MATCHES" --arg path "$FILE_PATH" '{
|
|
decision: "block",
|
|
reason: ("innerHTML write detected in " + $path + ":\n" + $matches + "\n\nUse textContent, createElement, createElementNS, replaceChildren, or appendChild. See CLAUDE.md Hard Constraints."),
|
|
hookSpecificOutput: {
|
|
hookEventName: "PostToolUse",
|
|
additionalContext: "Revert this change and use DOM APIs. The innerHTML ban has no exceptions — not even for static SVG sprite strings."
|
|
}
|
|
}'
|
|
exit 0
|
|
fi
|
|
|
|
exit 0
|