preact-render-to-string - npm Package Compare versions

Comparing version 3.7.1 to 3.7.2

dist/index.js

@@ -222,2 +222,3 @@ (function (global, factory) {
 	s = '<' + nodeName + s + '>';
+	if (String(nodeName).match(/[\s\n\/='"\0<>]/)) throw s;
 
@@ -224,0 +225,0 @@ if (VOID_ELEMENTS.indexOf(nodeName) > -1) {

dist/jsx.js

@@ -232,2 +232,3 @@ (function (global, factory) {
 	s = '<' + nodeName + s + '>';
+	if (String(nodeName).match(/[\s\n\/='"\0<>]/)) throw s;
 
@@ -234,0 +235,0 @@ if (VOID_ELEMENTS.indexOf(nodeName) > -1) {

package.json

 {
   "name": "preact-render-to-string",
   "amdName": "preactRenderToString",
-  "version": "3.7.1",
+  "version": "3.7.2",
   "description": "Render JSX to an HTML string, with support for Preact components.",
@@ -6,0 +6,0 @@ "main": "dist/index.js",

src/index.js

@@ -165,2 +165,3 @@ import { objectKeys, encodeEntities, falsey, memoize, indent, isLargeString, styleObjToCss, hashToClassName, assign, getNodeProps } from './util';
 	s = `<${nodeName}${s}>`;
+	if (String(nodeName).match(/[\s\n\/='"\0<>]/)) throw s;
 
@@ -167,0 +168,0 @@ if (VOID_ELEMENTS.indexOf(nodeName)>-1) {

test/render.js

@@ -88,2 +88,12 @@ import { render, shallowRender } from '../src';
 
+		it('should throw for invalid nodeName values', () => {
+			expect(() => render(h('div'))).not.to.throw();
+			expect(() => render(h('x-💩'))).not.to.throw();
+			expect(() => render(h('a b'))).to.throw(/<a b>/);
+			expect(() => render(h('a\0b'))).to.throw(/<a\0b>/);
+			expect(() => render(h('a>'))).to.throw(/<a>>/);
+			expect(() => render(h('<'))).to.throw(/<<>/);
+			expect(() => render(h('"'))).to.throw(/<">/);
+		});
+
 		it('should collapse collapsible attributes', () => {
@@ -90,0 +100,0 @@ let rendered = render(<div class="" style="" foo={true} bar />),

No alert changes

Improved metrics

Total package byte prevSize

153598

increased by0.56%

Lines of code

1960

increased by0.62%

No dependency changes