escapes script
jhmullen committed Mar 3, 2022
1 parent ab0e961 commit 5ef3ff9
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions packages/core/src/server.jsx
Expand Up @@ -35,12 +35,12 @@ const baseTag = process.env.CANON_BASE_URL === undefined ? ""
/**
Returns the default server logic for rendering a page.
*/
export default function (defaultStore = appInitialState, headerConfig, reduxMiddleware = false) {
export default function(defaultStore = appInitialState, headerConfig, reduxMiddleware = false) {

return function (req, res) {
return function(req, res) {

const locale = req.i18n.language,
resources = req.i18n.getResourceBundle(req.i18n.language);
resources = req.i18n.getResourceBundle(req.i18n.language);

const windowLocation = {
basename,
Expand Down Expand Up @@ -120,8 +120,8 @@ export default function (defaultStore = appInitialState, headerConfig, reduxMidd
const helmetContext = {};

let componentHTML,
scriptTags = "<script type=\"text/javascript\" charset=\"utf-8\" src=\"/assets/client.js\"></script>",
styleTags = "<link rel=\"stylesheet\" type=\"text/css\" href=\"/assets/styles.css\">";
scriptTags = "<script type=\"text/javascript\" charset=\"utf-8\" src=\"/assets/client.js\"></script>",
styleTags = "<link rel=\"stylesheet\" type=\"text/css\" href=\"/assets/styles.css\">";

if (production) {

Expand Down Expand Up @@ -195,7 +195,7 @@ export default function (defaultStore = appInitialState, headerConfig, reduxMidd
styleTags = styleTags.replace(/\/assets\//g, "assets/");
}

const serialize = obj => `JSON.parse('${jsesc(JSON.stringify(obj))}')`;
const serialize = obj => `JSON.parse('${jsesc(JSON.stringify(obj), {isScriptContext: true})}')`;

return res.status(status).send(`<!doctype html>
<html dir="${rtl ? "rtl" : "ltr"}" ${htmlAttrs}${defaultAttrs}>
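Review bot: The `serialize` helper in the last hunk of this section now relies on two jsesc behaviours, but only one is written down. `isScriptContext: true` neutralises `</script` and `<!--` in the payload, while the single quotes around the argument of `JSON.parse(...)` are safe only because jsesc's default `quotes` setting is `single`. I would pin that by passing `{isScriptContext: true, quotes: "single"}` and adding a comment above the helper such as `// Output is inlined in a <script> element inside a single-quoted JS string; keep these options in sync with the template.` A regression test that serializes a store value containing `</script>` and a single quote would stop a later refactor from silently undoing this. The template that consumes `serialize` continues outside the visible hunk, so it cannot be confirmed from here that every inlined value passes through it.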
