Skip to content

Commit

Permalink
Fix regression with escaping internal assets
Browse files Browse the repository at this point in the history
  • Loading branch information
th0r committed Apr 11, 2019
1 parent 9836649 commit 20f2b4c
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 13 deletions.
18 changes: 9 additions & 9 deletions src/viewer.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,11 @@ async function startServer(bundleStats, opts) {
app.use('/', (req, res) => {
res.render('viewer', {
mode: 'server',
get chartData() { return JSON.stringify(chartData) },
defaultSizes: JSON.stringify(defaultSizes),
get chartData() { return chartData },
defaultSizes,
enableWebSocket: true,
// Helpers
escapeScript
escapeJson
});
});

Expand Down Expand Up @@ -133,12 +133,12 @@ async function generateReport(bundleStats, opts) {
`${projectRoot}/views/viewer.ejs`,
{
mode: 'static',
chartData: JSON.stringify(chartData),
defaultSizes: JSON.stringify(defaultSizes),
chartData,
defaultSizes,
enableWebSocket: false,
// Helpers
assetContent: getAssetContent,
escapeScript
escapeJson
},
(err, reportHtml) => {
try {
Expand Down Expand Up @@ -180,10 +180,10 @@ function getAssetContent(filename) {
}

/**
* Escapes `<` characters in the string to safely use it in `<script>` tag.
* Escapes `<` characters in JSON to safely use it in `<script>` tag.
*/
function escapeScript(value) {
return String(value).replace(/</gu, '\\u003c');
function escapeJson(json) {
return JSON.stringify(json).replace(/</gu, '\\u003c');
}

function getChartData(analyzerOpts, ...args) {
Expand Down
2 changes: 1 addition & 1 deletion views/script.ejs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<% if (mode === 'static') { %>
<!-- <%= filename %> -->
<script>
<%- escapeScript(assetContent(filename)) %>
<%- assetContent(filename) %>
</script>
<% } else { %>
<script src="<%= filename %>"></script>
Expand Down
6 changes: 3 additions & 3 deletions views/viewer.ejs
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@
<body>
<div id="app"></div>
<script>
window.chartData = <%- escapeScript(chartData) %>;
window.defaultSizes = <%- escapeScript(defaultSizes) %>;
window.enableWebSocket = <%- escapeScript(enableWebSocket) %>;
window.chartData = <%- escapeJson(chartData) %>;
window.defaultSizes = <%- escapeJson(defaultSizes) %>;
window.enableWebSocket = <%- escapeJson(enableWebSocket) %>;
</script>
</body>
</html>

0 comments on commit 20f2b4c

Please sign in to comment.