Malte Ubl ca335e1dc0 Fix an XSS in Server Islands. (#11508) ... * Fix an XSS in Server Islands. Discussed with @FredKSchott that this is OK to disclose since Server Islands are still experimental. It's generally not safe to use `JSON.stringify` to interpolate potentially attacker controlled data into `<script>` tags as JSON doesn't escape `<>"'` and so one can use it to break out of the script tag and e.g. make a new one with controlled content. See https://pragmaticwebsecurity.com/articles/spasecurity/json-stringify-xss * Format * Create smart-snakes-promise.md * Switch to manual encoding --------- Co-authored-by: Matt Kane <m@mk.gg>		2024-07-19 15:02:14 +01:00
..
astro	Fix an XSS in Server Islands. (#11508)	2024-07-19 15:02:14 +01:00
astro-prism	chore(deps): update all non-major dependencies (#10958)	2024-05-09 15:20:13 +08:00
astro-rss	[ci] release (#11297)	2024-06-24 12:49:52 -04:00
create-astro	Fix typos (#10923)	2024-05-01 13:56:38 +08:00
db	[ci] release (#11481)	2024-07-18 16:05:23 +01:00
integrations	feat(container): client hydration (#11486)	2024-07-18 16:28:52 +01:00
internal-helpers	[ci] release (#11297)	2024-06-24 12:49:52 -04:00
markdown/remark	[ci] release (#11481)	2024-07-18 16:05:23 +01:00
studio	fix(deps): update all non-major dependencies (#11426)	2024-07-17 14:48:07 +08:00
telemetry	fix(deps): update all non-major dependencies (#11222)	2024-06-11 08:59:21 +01:00
underscore-redirects	[ci] release (#11297)	2024-06-24 12:49:52 -04:00
upgrade	fix(deps): update dependency preferred-pm to v4 (#11428)	2024-07-17 15:23:19 +08:00