| author | かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> | 2024-02-23 14:10:13 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-23 14:10:13 +0900 |
| commit | 080a3c20bd7f7d6ca7a30fa5a94d8431a6a9c688 (patch) | |
| tree | ef53d6836f0189bda9e4e03ee383e2e909593677 /packages | |
| parent | enhance: `meta`をSSR HTMLに埋め込む (#13436) (diff) | |
| download | sharkey-080a3c20bd7f7d6ca7a30fa5a94d8431a6a9c688.tar.gz sharkey-080a3c20bd7f7d6ca7a30fa5a94d8431a6a9c688.tar.bz2 sharkey-080a3c20bd7f7d6ca7a30fa5a94d8431a6a9c688.zip | |
fix: SSR時のmetaをエスケープするように (#13440)
* fix: SSR時のmetaをエスケープするように
* エスケープ方法を変更
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/backend/package.json | 2 | ||||
| -rw-r--r-- | packages/backend/src/server/web/ClientServerService.ts | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/packages/backend/package.json b/packages/backend/package.json
index 3a3d8e0411..1745277b41 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -118,6 +118,7 @@
 "got": "14.1.0",
 "happy-dom": "10.0.3",
 "hpagent": "1.2.0",
+ "htmlescape": "^1.1.1",
 "http-link-header": "1.1.1",
 "ioredis": "5.3.2",
 "ip-cidr": "3.1.0",
@@ -194,6 +195,7 @@
 "@types/color-convert": "2.0.3",
 "@types/content-disposition": "0.5.8",
 "@types/fluent-ffmpeg": "2.1.24",
+ "@types/htmlescape": "^1.1.3",
 "@types/http-link-header": "1.0.5",
 "@types/jest": "29.5.11",
 "@types/js-yaml": "4.0.9",
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index e8908f50ec..b1af0c3df6 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -19,6 +19,7 @@ import fastifyView from '@fastify/view';
 import fastifyCookie from '@fastify/cookie';
 import fastifyProxy from '@fastify/http-proxy';
 import vary from 'vary';
+import htmlSafeJsonStringify from 'htmlescape';
 import type { Config } from '@/config.js';
 import { getNoteSummary } from '@/misc/get-note-summary.js';
 import { DI } from '@/di-symbols.js';
@@ -34,7 +35,6 @@ import { ClipEntityService } from '@/core/entities/ClipEntityService.js';
 import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
 import type { ChannelsRepository, ClipsRepository, FlashsRepository, GalleryPostsRepository, MiMeta, NotesRepository, PagesRepository, ReversiGamesRepository, UserProfilesRepository, UsersRepository } from '@/models/_.js';
 import type Logger from '@/logger.js';
-import { deepClone } from '@/misc/clone.js';
 import { handleRequestRedirectToOmitSearch } from '@/misc/fastify-hook-handlers.js';
 import { bindThis } from '@/decorators.js';
 import { FlashEntityService } from '@/core/entities/FlashEntityService.js';
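Review bot: In packages/backend/package.json the new `"htmlescape": "^1.1.1"` entry uses a caret range, while every neighbouring dependency visible in the hunk is pinned to an exact version (`"got": "14.1.0"`, `"hpagent": "1.2.0"`). This package now sits on the output-escaping path, so a floating range would let a later release change escaping behaviour without a reviewed diff; pin it as `"htmlescape": "1.1.1"`. The same applies to `"@types/htmlescape": "^1.1.3"` in the second package.json hunk, which should become `"@types/htmlescape": "1.1.3"`.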
@@ -185,7 +185,7 @@ export class ClientServerService {
 infoImageUrl: meta.infoImageUrl ?? 'https://xn--931a.moe/assets/info.jpg',
 notFoundImageUrl: meta.notFoundImageUrl ?? 'https://xn--931a.moe/assets/not-found.jpg',
 instanceUrl: this.config.url,
- metaJson: JSON.stringify(await this.metaEntityService.packDetailed(meta)),
+ metaJson: htmlSafeJsonStringify(await this.metaEntityService.packDetailed(meta)),
 now: Date.now(),
 };
 }
|
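Review bot: The new `metaJson` line has no comment explaining why it calls `htmlSafeJsonStringify` instead of `JSON.stringify`, so a later cleanup could swap it back and silently drop the escaping this commit adds. I would put `// HTML-safe serializer: metaJson is embedded in the SSR page, so <, > and & in meta values must stay escaped` directly above it. The template that consumes `metaJson` is not part of this diff. As far as I know this serializer escapes `<`, `>`, `&` and the U+2028/U+2029 separators but not quotes, so it is worth confirming the value is only emitted as element content and never inside an attribute. The enclosing method begins above the hunk.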