Merge commit from fork

pull/17741/head
Paolo Ricciuti 4 days ago committed by GitHub
parent a0c7f28915
commit f7c80da18c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,5 @@
---
'svelte': patch
---
fix: always escape option body in SSR

@ -12,6 +12,7 @@ import { get_render_context, with_render_context, init_render_context } from './
import { sha256 } from './crypto.js';
import * as devalue from 'devalue';
import { noop } from '../shared/utils.js';
import { escape_html } from '../../escaping.js';
/** @typedef {'head' | 'body'} RendererType */
/** @typedef {{ [key in RendererType]: string }} AccumulatedContent */
@ -275,7 +276,7 @@ export class Renderer {
renderer.#out.push(' selected=""');
}
renderer.#out.push(`>${body}${is_rich ? '<!>' : ''}</option>`);
renderer.#out.push(`>${escape_html(body)}${is_rich ? '<!>' : ''}</option>`);
// super edge case, but may as well handle it
if (head) {
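Review bot: The escape on the new line covers only the text-node position of `body`; if the same string is also written into the option's `value` attribute earlier in this method (above the `selected=""` push, outside the hunk) that position needs the attribute form, `escape_html(body, true)`, so `"` is encoded as well — worth confirming against the off-hunk lines. It is also not visible here whether the `is_rich` path ever feeds already-rendered child markup through `body`; if it can, escaping a second time would turn `&amp;` into `&amp;amp;` or neutralise intended markup, and if it cannot, a comment such as `// body is the raw text content, never pre-rendered HTML, so escape it here` would make that invariant explicit for the next reader. The added sample only exercises `<`; a second case with `&` and `"` (e.g. `$state('a & "b"')`) would pin the full escape behaviour, including that `>` is intentionally left alone. The enclosing method starts and ends outside this hunk.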

@ -0,0 +1 @@
<!--[--><select><option>a&lt;/option>&lt;script>alert("pwnd")&lt;/script>&lt;option>puppa</option></select><!--]-->

@ -0,0 +1,6 @@
<script>
let selectedBook = $state("a</option><sc"+"ript>alert(\"pwnd\")</sc"+"ript><option>puppa");
</script>
<select>
<option>{selectedBook}</option>
</select>