
fix: add comments to clarify JSX embedding for error messages to prevent injection attacks

Shun Miyazawa 7 months ago
Parent
Commit
a95b09828b
1 changed file with 2 additions and 0 deletions

+ 2 - 0
packages/remark-lsx/src/client/components/Lsx.tsx

@@ -66,6 +66,8 @@ const LsxSubstance = React.memo(
             <span className="material-symbols-outlined me-1">warning</span>{' '}
             {lsxContext.toString()}
           </summary>
+          {/* Since error messages may contain user-input strings, use JSX embedding as shown below */}
+          {/* https://legacy.reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks */}
           <small className="ms-3 text-muted">{errorMessage}</small>
         </details>
       );
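
Review bot: The comment added above `<small className="ms-3 text-muted">{errorMessage}</small>` says to use JSX embedding "as shown below" but never names what a later editor must not do, so the constraint is easy to read past. Consider stating it directly, for example that `errorMessage` must stay a `{...}` child and must not be passed through `dangerouslySetInnerHTML` or concatenated into an HTML string. The `{lsxContext.toString()}` expression in the `<summary>` just above is rendered the same way but sits outside the comment; if it can also carry user input, placing the comment above `<summary>` or wording it to cover both expressions would keep them in step. Since the change touches only comments, a `docs:` or `chore:` prefix would describe it more accurately than `fix:`.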