From 2af3da81d6bcde1ed0a5f9d5ae2d29d03ead7542 Mon Sep 17 00:00:00 2001
From: Matt Bierner <12821956+mjbvz@users.noreply.github.com>
Date: Wed, 10 Sep 2025 15:57:38 -0700
Subject: [PATCH] Add eslint rule to ban using dompurify directly

All callers in our codebase should use `domSanitize` instead

Also adding myself as a codeowner here to make sure I'm alerted to changes in domSanitize since they need more consideration
---
 .github/CODEOWNERS                 |  1 +
 eslint.config.js                   | 11 +++++++++++
 src/vs/base/browser/domSanitize.ts |  1 +
 3 files changed, 13 insertions(+)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index dd7ea862b2c..ad5317637ff 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -25,6 +25,7 @@ src/cli.ts @bpasero @deepak1556
 src/main.ts @bpasero @deepak1556
 src/server-cli.ts @bpasero @deepak1556
 src/server-main.ts @bpasero @deepak1556
+src/vs/base/browser/domSanitize.ts @mjbvz
 src/vs/base/parts/sandbox/** @bpasero @deepak1556
 src/vs/base/parts/storage/** @bpasero @deepak1556
 src/vs/platform/backup/** @bpasero
diff --git a/eslint.config.js b/eslint.config.js
index d7b29f29cc0..7d9f93f5f32 100644
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -763,6 +763,17 @@ export default tseslint.config(
 			'local': pluginLocal,
 		},
 		rules: {
+			'no-restricted-imports': [
+				'warn',
+				{
+					'patterns': [
+						{
+							'group': ['dompurify*'],
+							'message': 'Use domSanitize instead of dompurify directly'
+						},
+					]
+				}
+			],
 			'local/code-import-patterns': [
 				'warn',
 				{
diff --git a/src/vs/base/browser/domSanitize.ts b/src/vs/base/browser/domSanitize.ts
index 887d5a30c7b..9db24ef362f 100644
--- a/src/vs/base/browser/domSanitize.ts
+++ b/src/vs/base/browser/domSanitize.ts
@@ -5,6 +5,7 @@
 
 import { Schemas } from '../common/network.js';
 import { reset } from './dom.js';
+// eslint-disable-next-line no-restricted-imports
 import dompurify from './dompurify/dompurify.js';
 
 /**