preact-render-to-string

fix: escape a single quote

Open yusukebe opened this issue 2 years ago • 3 comments

Hi,

Firstly, thank you for the great project.

In this PR, I've implemented the escaping of a single quote (0x27) to '. This modification will prevent the potential execution of scripts, as illustrated below:

```jsx
function App() {
  const value = "alert('bar!')";
  return <div onMouseOver={value}>foo</div>;
}
```

yusukebe, Aug 13 '23 01:08
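Whether an unescaped single quote matters depends on which character delimits the attribute in the final markup. The following is an added example, not code from this PR or from preact-render-to-string: the helpers (`escapeBase`, `escapeFull`, `roundTrips`, `report`) are hypothetical, the `&#39;` replacement is an assumption, and the check runs on the sample value from the description above.

```javascript
// Added example (hypothetical helpers, not preact-render-to-string's code).
const BASE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const FULL = { ...BASE, "'": '&#39;' }; // assumed replacement for 0x27

const escapeWith = (map) => (s) =>
  String(s).replace(/[&<>"']/g, (c) => map[c] || c);
const escapeBase = escapeWith(BASE); // leaves ' untouched
const escapeFull = escapeWith(FULL); // also escapes '

const DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
const decode = (s) => s.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => DECODE[e]);

// Read a quoted attribute value the way an HTML tokenizer does:
// everything up to the next occurrence of the opening quote character.
function readQuotedValue(markup) {
  const quote = markup[0];
  const end = markup.indexOf(quote, 1);
  return { value: decode(markup.slice(1, end)), rest: markup.slice(end + 1) };
}

// True when the value comes back unchanged and nothing is left over
// after the closing delimiter (leftover text would be parsed as
// further attributes of the same element).
function roundTrips(escape, quote, value) {
  const { value: parsed, rest } = readQuotedValue(quote + escape(value) + quote);
  return parsed === value && rest === '';
}

// Check both escapers against both delimiter styles.
function report(value) {
  return {
    baseDouble: roundTrips(escapeBase, '"', value),
    baseSingle: roundTrips(escapeBase, "'", value),
    fullDouble: roundTrips(escapeFull, '"', value),
    fullSingle: roundTrips(escapeFull, "'", value),
  };
}

const sample = "alert('bar!')"; // value from the PR description
console.log(report(sample));
```

Only the combination of the escaper that skips `'` and a single-quoted attribute fails the round trip: the value is cut at the first quote and the remainder is left in the tag.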