no-invalid-html-attribute

Keywords: React, JSX, HTML attributes, validation, ESLint rule, accessibility, LLM-optimized

Validate HTML attribute values in JSX. This rule is part of eslint-plugin-react-features.

Quick Summary

Rule Details

Validates that HTML attribute values are valid according to HTML spec.

Validated Attributes

Examples

❌ Incorrect

<label for="input-id">Label</label>

✅ Correct

<a rel="noopener noreferrer">Link</a>
<a target="_blank">Link</a>
<input type="email" />
<input autoComplete="email" />

Configuration Examples

Basic Usage

{
  rules: {
    'react-features/no-invalid-html-attribute': 'warn'
  }
}

Related Rules

• no-unknown-property - Validate property names
• no-missing-aria-labels - Accessibility

Further Reading

• HTML Attributes - MDN - Reference

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Dynamic Variable References

Why: Static analysis cannot trace values stored in variables or passed through function parameters.

// ❌ NOT DETECTED - Prop from variable
const propValue = computedValue;
<Component prop={propValue} /> // Computation not analyzed

Mitigation: Implement runtime validation and review code manually. Consider using TypeScript branded types for validated inputs.

Wrapped or Aliased Functions

Why: Custom wrapper functions or aliased methods are not recognized by the rule.

// ❌ NOT DETECTED - Custom wrapper
function myWrapper(data) {
  return internalApi(data); // Wrapper not analyzed
}
myWrapper(unsafeInput);

Mitigation: Apply this rule's principles to wrapper function implementations. Avoid aliasing security-sensitive functions.

Imported Values

Why: When values come from imports, the rule cannot analyze their origin or construction.

// ❌ NOT DETECTED - Value from import
import { getValue } from './helpers';
processValue(getValue()); // Cross-file not tracked

Mitigation: Ensure imported values follow the same constraints. Use TypeScript for type safety.