Skip to content

Commit

Permalink
subapp-web: Json script escape fix (#1573)
Browse files Browse the repository at this point in the history
* Use jsesc to render initial redux state

* parse before jsesc
  • Loading branch information
christianlent authored Mar 23, 2020
1 parent 41d81fa commit 6c34654
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
7 changes: 6 additions & 1 deletion packages/subapp-web/lib/load.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ const _ = require("lodash");
const retrieveUrl = require("request");
const util = require("./util");
const xaa = require("xaa");
const jsesc = require("jsesc");
const { loadSubAppByName, loadSubAppServerByName } = require("subapp-util");

// global name to store client subapp runtime, ie: window.xarcV1
Expand Down Expand Up @@ -225,7 +226,11 @@ module.exports = function setup(setupContext, { props: setupProps }) {
// embed large initial state as text and parse with JSON.parse instead.
const dataId = `${name}-initial-state-${Date.now()}-${++INITIAL_STATE_TAG_ID}`;
dynInitialState = `<script type="application/json" id="${dataId}">
${initialStateStr}
${jsesc(JSON.parse(initialStateStr), {
json: true,
isScriptContext: true,
wrap: true
})}
</script>
`;
initialStateScript = `JSON.parse(document.getElementById("${dataId}").innerHTML)`;
Expand Down
1 change: 1 addition & 0 deletions packages/subapp-web/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
"dependencies": {
"@babel/runtime": "^7.8.3",
"history": "^4.9.0",
"jsesc": "^2.5.2",
"little-loader": "^0.2.0",
"lodash": "^4.17.15",
"optional-require": "^1.0.0",
Expand Down

0 comments on commit 6c34654

Please sign in to comment.