mirror of https://github.com/sveltejs/svelte
[fix] escape style attribute for SSR (#8087)
parent
75c3a48245
commit
94e51df07b
@ -0,0 +1,7 @@
|
||||
<div>hi</div>
|
||||
|
||||
<style>
|
||||
div {
|
||||
background-color: var(--color);
|
||||
}
|
||||
</style>
|
@ -0,0 +1,12 @@
|
||||
export default {
|
||||
html: `
|
||||
<div style="display: contents; --color: " onload="alert('uhoh')" data-nothing="not important;">
|
||||
<div class="svelte-271qee">hi</div>
|
||||
</div>
|
||||
`,
|
||||
ssrHtml: `
|
||||
<div style="display: contents; --color:" onload="alert('uhoh')" data-nothing="not important;">
|
||||
<div class="svelte-271qee">hi</div>
|
||||
</div>
|
||||
`
|
||||
};
|
@ -0,0 +1,6 @@
|
||||
<script>
|
||||
import Sub from './Sub.svelte';
|
||||
export let attack = '" onload="alert(\'uhoh\')" data-nothing="not important';
|
||||
</script>
|
||||
|
||||
<Sub --color={attack} />
|
@ -0,0 +1,12 @@
|
||||
export default {
|
||||
html: `
|
||||
<div style="--css-variable: " onload="alert('uhoh')" data-nothing="not important;"></div>
|
||||
`,
|
||||
|
||||
test({ assert, component, target }) {
|
||||
component.attack = '" onload="alert(\'uhoh2\')" data-nothing="not important';
|
||||
assert.htmlEqual(target.innerHTML, `
|
||||
<div style="--css-variable: " onload="alert('uhoh2')" data-nothing="not important;"></div>
|
||||
`);
|
||||
}
|
||||
};
|
@ -0,0 +1,5 @@
|
||||
<script>
|
||||
export let attack = '" onload="alert(\'uhoh\')" data-nothing="not important';
|
||||
</script>
|
||||
|
||||
<div style:--css-variable={attack} />
|
Loading…
Reference in new issue