This repository has been archived by the owner on Oct 1, 2024. It is now read-only.

Less aggressive escaping of <script> content #2570

Merged
merged 6 commits into from
Feb 18, 2023
Changes from 2 commits
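--- a/packages/react-html/package.json
+++ b/packages/react-html/package.json
@@ -33,8 +33,8 @@
 "@shopify/react-effect": "^5.0.2",
 "@shopify/react-hydrate": "^3.0.6",
 "@types/multistream": "^2.1.1",
-"multistream": "^2.1.1",
-"serialize-javascript": "^3.0.0"
+"jsesc": "^3.0.2",
+"multistream": "^2.1.1"
 },
 "peerDependencies": {
 "react": ">=16.8.0 <19.0.0",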
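--- a/packages/react-html/src/server/components/Serialize.tsx
+++ b/packages/react-html/src/server/components/Serialize.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import serialize from 'serialize-javascript';
+import jsesc from 'jsesc';
 
 import {SERIALIZE_ATTRIBUTE} from '../../utilities';
 
@@ -9,10 +9,14 @@ interface Props {
 }
 
 export default function Serialize({id, data}: Props) {
+const serialized = jsesc(data, {
+isScriptContext: true,
+});
+
 return (
 <script
 type="text/json"
-dangerouslySetInnerHTML={{__html: serialize(data, {isJSON: true})}}
+dangerouslySetInnerHTML={{__html: serialized}}
 {...{[SERIALIZE_ATTRIBUTE]: id}}
 />
 );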
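Review bot: The `jsesc(data, {isScriptContext: true})` call does not set `json: true`, so what is written into the `type="text/json"` script is a JavaScript literal (single-quoted strings, `\x` escapes, a bare top-level string left unquoted) rather than JSON. The code that reads this element is not in the hunk, but if it uses `JSON.parse` it would presumably throw on such output; I would change the call to `jsesc(data, {json: true, isScriptContext: true})`. Because the result goes straight into `dangerouslySetInnerHTML` and escaping is now limited to what `isScriptContext` covers instead of every `<`, `>` and `/`, a server-render test that serializes data containing a closing script tag and an HTML comment opener and asserts neither appears raw in the markup would pin the guarantee this component depends on. The body of `Serialize` ends outside the hunk.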
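--- a/yarn.lock
+++ b/yarn.lock
@@ -9813,6 +9813,11 @@ jsesc@^2.5.1:
 resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4"
 integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==
 
+jsesc@^3.0.2:
+version "3.0.2"
+resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-3.0.2.tgz#bb8b09a6597ba426425f2e4a07245c3d00b9343e"
+integrity sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==
+
 jsesc@~0.5.0:
 version "0.5.0"
 resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
@@ -12938,13 +12943,6 @@ sentence-case@^3.0.4:
 tslib "^2.0.3"
 upper-case-first "^2.0.2"
 
-serialize-javascript@^3.0.0:
-version "3.1.0"
-resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-3.1.0.tgz#8bf3a9170712664ef2561b44b691eafe399214ea"
-integrity sha512-JIJT1DGiWmIKhzRsG91aS6Ze4sFUrYbltlkg2onR5OrnNM02Kl/hnY/T4FN2omvyeBbQmMJv+K4cPOpGzOTFBg==
-dependencies:
-randombytes "^2.1.0"
-
 serialize-javascript@^4.0.0:
 version "4.0.0"
 resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-4.0.0.tgz#b525e1238489a5ecfc42afacc3fe99e666f4b1aa"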