lwc icon indicating copy to clipboard operation
lwc copied to clipboard

Published 20 hours ago verified publisher icon salesforce

Move validation of `<style>` contents to compilation

Open nolanlawson opened this issue 1 year ago • 1 comments

As of #3442, we check for CSS that cannot be inlined into <style> tags (e.g. because it contains the string </style>, which could could cause an XSS vulnerability).

Right now we pay this cost during SSR, but ideally this validation should be done once during compilation, not multiple times during SSR. However, this would be a breaking change, since it could impact existing LEX components (which currently don't need to support SSR).

Another solution would be to find some other solution entirely that doesn't involve validating the <style> contents. (E.g. figuring out a clever way to escape a CSS selector like [attr="</style>"], assuming that this pattern even exists in the wild.)

nolanlawson avatar Apr 10 '23 21:04 nolanlawson

This issue has been linked to a new work item: W-15618965

git2gus[bot] avatar Apr 26 '24 18:04 git2gus[bot]