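/**
 * ESLint rule: report inline <script> elements in HTML files.
 *
 * Keeping script in external files lets a Content-Security-Policy refuse
 * inline script (no 'unsafe-inline' in script-src), so markup injected into a
 * page cannot run as code.
 *
 * Scope of the check:
 * - Only the content of <script> elements is inspected. Inline event-handler
 *   attributes and `javascript:` URLs are not covered by this rule.
 * - Every non-empty <script> without a `src` attribute is reported. The `type`
 *   attribute is not inspected, so data blocks are reported too.
 *
 * NOTE(review): the node shape read here (`node.value.value`,
 * `attr.key.value`) presumably comes from an HTML parser that emits
 * `ScriptTag` nodes, such as @html-eslint/parser. Confirm against the
 * project's ESLint configuration.
 */

/**
 * Tell whether a script node carries non-whitespace inline content.
 *
 * @param {object} node - ScriptTag node.
 * @returns {boolean} True when the element body holds something other than whitespace.
 */
function hasInlineContent(node) {
  const text = node.value && node.value.value;
  return typeof text === 'string' && text.trim().length > 0;
}

/**
 * Tell whether a script node declares a `src` attribute.
 *
 * HTML attribute names are ASCII case-insensitive, so `SRC` and `Src` count
 * as `src`. Comparing case-sensitively would report external scripts written
 * with upper-case attribute names as inline.
 *
 * @param {object} node - ScriptTag node.
 * @returns {boolean} True when any attribute is named `src`, in any letter case.
 */
function hasSrcAttribute(node) {
  if (!Array.isArray(node.attributes)) {
    return false;
  }
  return node.attributes.some((attr) => {
    const name = attr && attr.key && attr.key.value;
    return typeof name === 'string' && name.toLowerCase() === 'src';
  });
}

const noInlineScriptRule = {
  meta: {
    type: 'problem',
    docs: {
      description: 'Prevent inline script tags in HTML files',
      category: 'Security',
      recommended: true,
    },
    // No autofix: moving script content to an external file is a manual change.
    fixable: null,
    schema: [],
    messages: {
      noInlineScript: 'Inline script tags are not allowed. Move script content to external files.',
    },
  },

  /**
   * Build the visitor for this rule.
   *
   * @param {object} context - ESLint rule context; only `report` is used.
   * @returns {object} Visitor with a single `ScriptTag` handler.
   */
  create(context) {
    return {
      ScriptTag(node) {
        // Inline script = element has a body and no `src` attribute.
        if (hasInlineContent(node) && !hasSrcAttribute(node)) {
          context.report({
            node,
            messageId: 'noInlineScript',
          });
        }
      },
    };
  },
};

export default noInlineScriptRule;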