]> Untitled Git - lemmy-ui.git/commitdiff
Fix isoData can contain user generated content (#1114)
author0xDEADCADE <69792955+0xDEADCADE@users.noreply.github.com>
Thu, 8 Jun 2023 15:15:03 +0000 (15:15 +0000)
committerGitHub <noreply@github.com>
Thu, 8 Jun 2023 15:15:03 +0000 (11:15 -0400)
* Fix isoData can contain user generated content

* Fix formatting

src/server/index.tsx

index e220cd6e8b60f1fef1e014e8a4b8a3a2e10fb387..f96901b980b07cd5c2f614edcf52a84257ae16bb 100644 (file)
@@ -25,6 +25,7 @@ import {
   favIconUrl,
   initializeSite,
   isAuthPath,
+  md,
 } from "../shared/utils";
 
 const server = express();
@@ -347,7 +348,9 @@ async function createSsrHtml(root: string, isoData: IsoDataOptionalSite) {
   <!DOCTYPE html>
   <html ${helmet.htmlAttributes.toString()} lang="en">
   <head>
-  <script>window.isoData = ${JSON.stringify(isoData)}</script>
+  <script>window.isoData = ${md.utils.escapeHtml(
+    JSON.stringify(isoData)
+  )}</script>
   <script>window.lemmyConfig = ${serialize(config)}</script>
 
   <!-- A remote debugging utility for mobile -->