Add script sanitization to template.js

2025-12-24 22:52:40 +00:00 · 2024-05-05 20:18:53 +12:00
parent eb0440d36d
commit ffa90c397c
1 changed files with 3 additions and 1 deletions
--- a/client/template.js
+++ b/client/template.js
@@ -8,6 +8,8 @@ const template = async function(name, title='', props = {}){
 	});
 	const ogMetaTags = ogTags.join('\n');

+	const cleanProps = JSON.stringify(props).replace(/<\/script/g, '<\\\/script');
+
 	return `<!DOCTYPE html>
 	<html>
 		<head>
@@ -23,7 +25,7 @@ const template = async function(name, title='', props = {}){
 		<body>
 			<main id="reactRoot">${require(`../build/${name}/ssr.js`)(props)}</main>
 			<script src=${`/${name}/bundle.js`}></script>
-			<script>start_app(${JSON.stringify(props)})</script>
+			<script>start_app(${cleanProps})</script>
 		</body>
 	</html>
 	`;