I would like to see support for HTML. Here is a working example DevSkim detection rule based on XML instead.
[
  {
    "name": "HTML_A_Tag_With_TargetBlank_Without_NoOpener",
    "id": "html_a_targetblank_noopener",
    "description": "Detects HTML <a> tags with target='_blank' that do not have the 'noopener' attribute in their rel, which can pose security risks.",
    "recommendation": "Add 'noopener' to the rel attribute of the HTML <a> tag.",
    "tags": ["security", "html", "a-tag", "noopener"],
    "severity": "BestPractice",
    "confidence": "high",
    "applies_to": ["xml"],
    "patterns": [
      {
        "pattern": "<a\\b(?=[^>]*target\\s*=\\s*[\"']_blank[\"'])(?![^>]*rel\\s*=\\s*[\"'][^\"']*noopener[^\"']*[\"'])[^>]*>",
        "type": "regex",
        "_comment": "Matches <a> tags with target='_blank' and without 'noopener' in rel attribute. The negative lookahead is bounded by [^>]* so it only inspects the current tag and cannot be satisfied by a later <a> tag on the same line."
      }
    ]
  }
]
Test file
<a href="https://example.com" target="_blank">Unsafe Link</a>
<a href="https://example.com" rel="noreferrer" target="_blank">Unsafe Link</a>
<a href="https://example.com" rel="" target="_blank">Unsafe Link</a>
<a href="https://example.com">Safe Link</a>
<a href="https://example.com" rel="noopener" target="_blank">Safe Link</a>
<a href="https://example.com" rel="noopener noreferrer" target="_blank">Safe Link</a>
Perhaps this can be easily done with the already existing XML support.
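To check what the rule's regex actually flags before wiring it into DevSkim, the following script (an added example, not part of the issue or of the DevSkim project) runs two variants of the pattern over the test file above: one whose negative lookahead uses `.*`, and a tightened one that uses `[^>]*` so the "no noopener" check cannot look past the end of the current tag. The seventh input line, which puts an unsafe anchor and a safe anchor on the same line, is constructed here to show the difference; everything else is the test file from the issue. The function names are this example's own.

```python
import re

# Variant A: negative lookahead with ".*". Without a single-line flag "." stops at
# a newline, so this works for one anchor per line, but on a line with several
# anchors ".*" can reach a later tag's rel="noopener" and suppress the finding.
LOOSE_PATTERN = re.compile(
    r"""<a\b(?=[^>]*target\s*=\s*["']_blank["'])"""
    r"""(?!.*rel\s*=\s*["'][^"']*noopener[^"']*["'])[^>]*>"""
)

# Variant B: the same rule with the lookahead bounded to the current tag.
TIGHT_PATTERN = re.compile(
    r"""<a\b(?=[^>]*target\s*=\s*["']_blank["'])"""
    r"""(?![^>]*rel\s*=\s*["'][^"']*noopener[^"']*["'])[^>]*>"""
)

# Constructed test input: lines 1-6 are the issue's test file, line 7 is an
# added two-anchor line (first anchor unsafe, second safe).
TEST_HTML = """\
<a href="https://example.com" target="_blank">Unsafe Link</a>
<a href="https://example.com" rel="noreferrer" target="_blank">Unsafe Link</a>
<a href="https://example.com" rel="" target="_blank">Unsafe Link</a>
<a href="https://example.com">Safe Link</a>
<a href="https://example.com" rel="noopener" target="_blank">Safe Link</a>
<a href="https://example.com" rel="noopener noreferrer" target="_blank">Safe Link</a>
<a href="https://example.com" target="_blank">Unsafe</a> <a href="https://example.com" rel="noopener" target="_blank">Safe</a>
"""


def find_unsafe_anchors(html: str, pattern: re.Pattern) -> list[tuple[int, str]]:
    """Return (1-based line number, matched tag) for every <a> tag the pattern flags."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for match in pattern.finditer(line):
            findings.append((lineno, match.group(0)))
    return findings


def flagged_lines(html: str, pattern: re.Pattern) -> list[int]:
    """Just the line numbers, in file order, for quick comparison of pattern variants."""
    return [lineno for lineno, _tag in find_unsafe_anchors(html, pattern)]


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE_PATTERN), ("tight", TIGHT_PATTERN)):
        print(f"{label} pattern flags lines: {flagged_lines(TEST_HTML, pattern)}")
        for lineno, tag in find_unsafe_anchors(TEST_HTML, pattern):
            print(f"  line {lineno}: {tag}")
```

Both variants flag the three "Unsafe Link" lines and leave the "Safe Link" lines alone; only the tightened pattern also reports the unsafe anchor on the constructed line 7. Note that `rel="noreferrer"` is reported as unsafe here because the rule only looks for the literal `noopener` token, exactly as the issue's test file expects.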