Skip to content

Commit

Permalink
fix: SSR時のmetaをエスケープするように (#13440)
Browse files Browse the repository at this point in the history 
* fix: SSR時のmetaをエスケープするように

* エスケープ方法を変更
  • Loading branch information
@kakkokari-gtyih
kakkokari-gtyih authored Feb 23, 2024
1 parent d20542c commit 080a3c2
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 2 deletions.
2 changes: 2 additions & 0 deletions packages/backend/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@
"got": "14.1.0",
"happy-dom": "10.0.3",
"hpagent": "1.2.0",
"htmlescape": "^1.1.1",
"http-link-header": "1.1.1",
"ioredis": "5.3.2",
"ip-cidr": "3.1.0",
Expand Down Expand Up @@ -194,6 +195,7 @@
"@types/color-convert": "2.0.3",
"@types/content-disposition": "0.5.8",
"@types/fluent-ffmpeg": "2.1.24",
"@types/htmlescape": "^1.1.3",
"@types/http-link-header": "1.0.5",
"@types/jest": "29.5.11",
"@types/js-yaml": "4.0.9",
Expand Down
4 changes: 2 additions & 2 deletions packages/backend/src/server/web/ClientServerService.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import fastifyView from '@fastify/view';
import fastifyCookie from '@fastify/cookie';
import fastifyProxy from '@fastify/http-proxy';
import vary from 'vary';
import htmlSafeJsonStringify from 'htmlescape';
import type { Config } from '@/config.js';
import { getNoteSummary } from '@/misc/get-note-summary.js';
import { DI } from '@/di-symbols.js';
Expand All @@ -34,7 +35,6 @@ import { ClipEntityService } from '@/core/entities/ClipEntityService.js';
import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
import type { ChannelsRepository, ClipsRepository, FlashsRepository, GalleryPostsRepository, MiMeta, NotesRepository, PagesRepository, ReversiGamesRepository, UserProfilesRepository, UsersRepository } from '@/models/_.js';
import type Logger from '@/logger.js';
import { deepClone } from '@/misc/clone.js';
import { handleRequestRedirectToOmitSearch } from '@/misc/fastify-hook-handlers.js';
import { bindThis } from '@/decorators.js';
import { FlashEntityService } from '@/core/entities/FlashEntityService.js';
Expand Down Expand Up @@ -185,7 +185,7 @@ export class ClientServerService {
infoImageUrl: meta.infoImageUrl ?? 'https://xn--931a.moe/assets/info.jpg',
notFoundImageUrl: meta.notFoundImageUrl ?? 'https://xn--931a.moe/assets/not-found.jpg',
instanceUrl: this.config.url,
metaJson: JSON.stringify(await this.metaEntityService.packDetailed(meta)),
metaJson: htmlSafeJsonStringify(await this.metaEntityService.packDetailed(meta)),
now: Date.now(),
};
}
Expand Down
15 changes: 15 additions & 0 deletions pnpm-lock.yaml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 comment on commit 080a3c2

@github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chromatic detects changes. Please review the changes on Chromatic.

Please sign in to comment.