mirror of https://github.com/withastro/astro.git synced 2025-02-17 22:44:24 -05:00
astro/.changeset
Malte Ubl ca335e1dc0
Fix an XSS in Server Islands. (#11508)
* Fix an XSS in Server Islands.

Discussed with @FredKSchott that this is OK to disclose since Server Islands are still experimental.

It's generally not safe to use `JSON.stringify` to interpolate potentially attacker controlled data into `<script>` tags as JSON doesn't escape `<>"'` and so one can use it to break out of the script tag and e.g. make a new one with controlled content.

See https://pragmaticwebsecurity.com/articles/spasecurity/json-stringify-xss

* Format

* Create smart-snakes-promise.md

* Switch to manual encoding

---------

Co-authored-by: Matt Kane <m@mk.gg>
2024-07-19 15:02:14 +01:00
blue-jars-hang.md fix: better logging for rewrites (#11505) 2024-07-19 12:45:10 +01:00
config.json
empty-onions-buy.md [docs] fix typos in config reference (#11506) 2024-07-19 12:57:23 +01:00
README.md
smart-snakes-promise.md Fix an XSS in Server Islands. (#11508) 2024-07-19 15:02:14 +01:00
spotty-camels-joke.md Adds missing export (#11501) 2024-07-19 07:57:30 +01:00

Changesets

Hello and welcome! This folder has been automatically generated by @changesets/cli, a build tool that works with multi-package repos, or single-package repos to help you version and publish your code. You can find the full documentation for it in our repository

We have a quick list of common questions to get you started engaging with this project in our documentation