
props-json potential security risk? #9

Open
rybon opened this issue Apr 18, 2019 · 2 comments

Comments

@rybon
Contributor

rybon commented Apr 18, 2019

Perhaps point users towards https://github.com/yahoo/serialize-javascript just to be careful?

@rstacruz
Owner

Thanks for the report, and your contributions!

Hmm, serialize-javascript seems like it might make things even worse by allowing in more things than just Objects and Arrays. Can you explain more?

@rybon
Contributor Author

rybon commented Apr 23, 2019

If users serialize arbitrary JSON to use in props-json, that might pose a security risk. serialize-javascript is basically an enhanced JSON.stringify that automatically escapes potentially unsafe values to prevent XSS. We could add it as a suggestion to the docs.
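
As an added illustration (not code from this issue, from remount, or from serialize-javascript), the snippet below shows why raw JSON.stringify output should not be interpolated into markup such as a props-json attribute, and one escaping approach in the spirit of what serialize-javascript does. It assumes the attribute value is read back with JSON.parse; the sample props and the function names are constructed for the example.

```javascript
// Added example: serializing props for an HTML attribute such as props-json.
// JSON.stringify does not escape characters that matter to an HTML parser,
// so dropping its output straight into markup is where an XSS risk arises.

// Replace characters that are significant to the HTML parser with JSON
// \uXXXX escapes. The result is still valid JSON with the same meaning,
// so JSON.parse on the consuming side recovers the original value.
// (serialize-javascript applies the same idea to <, >, / and U+2028/U+2029.)
const UNSAFE_IN_MARKUP = /[<>&\u2028\u2029]/g;

function safeJsonStringify(value) {
  return JSON.stringify(value).replace(UNSAFE_IN_MARKUP, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Escape text for placement inside a double-quoted HTML attribute.
// The browser decodes the entities when reading the attribute, so the
// component still sees the original JSON text. This layer handles the
// quotes that would otherwise terminate the attribute.
const ATTRIBUTE_ENTITIES = {
  '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;',
};

function escapeHtmlAttribute(text) {
  return text.replace(/[&"'<>]/g, (ch) => ATTRIBUTE_ENTITIES[ch]);
}

// Build a complete props-json attribute, ready to interpolate into markup.
function propsJsonAttribute(props) {
  return `props-json="${escapeHtmlAttribute(safeJsonStringify(props))}"`;
}

// True when the escaped JSON still parses back to an equivalent object.
function roundTrips(props) {
  const parsed = JSON.parse(safeJsonStringify(props));
  return JSON.stringify(parsed) === JSON.stringify(props);
}

// Constructed sample input containing characters an HTML parser cares about.
const sampleProps = { title: 'Tom & "Jerry"', note: "it's <b>bold</b>" };
console.log(JSON.stringify(sampleProps)); // raw <, >, &, " and ' survive
console.log(propsJsonAttribute(sampleProps)); // safe to place in markup
```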

rybon added a commit to rybon/remount that referenced this issue Apr 23, 2019