This repository was archived by the owner on May 17, 2019. It is now read-only.

No html escape for developer error #654

@slonoed

Description


The error message and stack are inserted into the page when a server-side rendering error occurs in dev mode.

Type of issue

Bug (maybe minor)

Current behavior

Add throw new Error('<script>alert(1)<script>') into the Root component. Reload the page: the browser shows a red page with the error. The script tag is inserted as is. By default CSP doesn't allow scripts, so it is not executed.

Fusion code

Expected behavior

HTML tags are escaped.

Your environment

  • fusion-cli version:
    1.13.1
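
Added example, not part of the original issue and not fusion-cli's code: a dev error page built with and without HTML escaping, using the error from the report as constructed input. The names `escapeHtml`, `renderErrorPageUnsafe` and `renderErrorPageSafe` and the page markup are assumptions made for illustration.

```javascript
// Hypothetical helpers for illustration; these are not fusion-cli functions.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the characters that can open a tag, an entity or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Reported behavior: message and stack are interpolated into the page as is.
function renderErrorPageUnsafe(err) {
  return `<body style="background:red"><h1>${err.message}</h1>` +
    `<pre>${err.stack}</pre></body>`;
}

// Expected behavior: both fields are escaped before they reach the markup.
// `throw` accepts any value, so non-Error values (strings, null) are handled.
function renderErrorPageSafe(err) {
  const hasMessage = err != null && err.message !== undefined;
  const message = escapeHtml(hasMessage ? err.message : err);
  const stack = escapeHtml(err != null && err.stack ? err.stack : '');
  return `<body style="background:red"><h1>${message}</h1>` +
    `<pre>${stack}</pre></body>`;
}

// Constructed input: the error thrown in the issue's reproduction step.
const sampleError = new Error('<script>alert(1)<script>');

function demo() {
  return {
    unsafe: renderErrorPageUnsafe(sampleError),
    safe: renderErrorPageSafe(sampleError),
  };
}
```

The stack is escaped as well as the message because `err.stack` begins with the message text and can contain frames such as `<anonymous>`.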
