File tree Expand file tree Collapse file tree 1 file changed +32
-1
lines changed
packages/angular/build/src/utils/server-rendering Expand file tree Collapse file tree 1 file changed +32
-1
lines changed Original file line number Diff line number Diff line change @@ -20,6 +20,35 @@ export const SERVER_APP_ENGINE_MANIFEST_FILENAME = 'angular-app-engine-manifest.
20
20
21
21
const MAIN_SERVER_OUTPUT_FILENAME = 'main.server.mjs' ;
22
22
23
+ /**
24
+ * A mapping of unsafe characters to their escaped Unicode equivalents.
25
+ */
26
+ const UNSAFE_CHAR_MAP : Record < string , string > = {
27
+ '<' : '\\u003C' ,
28
+ '>' : '\\u003E' ,
29
+ '/' : '\\u002F' ,
30
+ '\\' : '\\\\' ,
31
+ '\b' : '\\b' ,
32
+ '\f' : '\\f' ,
33
+ '\n' : '\\n' ,
34
+ '\r' : '\\r' ,
35
+ '\t' : '\\t' ,
36
+ '\0' : '\\0' ,
37
+ '\u2028' : '\\u2028' ,
38
+ '\u2029' : '\\u2029' ,
39
+ } ;
40
+
41
+ /**
42
+ * Escapes unsafe characters in a given string by replacing them with
43
+ * their Unicode escape sequences.
44
+ *
45
+ * @param str - The string to be escaped.
46
+ * @returns The escaped string where unsafe characters are replaced.
47
+ */
48
+ function escapeUnsafeChars ( str : string ) : string {
49
+ return str . replace ( / [ < > \b \f \n \r \t \0 \u2028 \u2029 ] / g, ( c ) => UNSAFE_CHAR_MAP [ c ] ) ;
50
+ }
51
+
23
52
/**
24
53
* Generates the server manifest for the App Engine environment.
25
54
*
@@ -120,7 +149,9 @@ export function generateAngularServerAppManifest(
120
149
file . path === INDEX_HTML_CSR ||
121
150
( inlineCriticalCss && file . path . endsWith ( '.css' ) )
122
151
) {
123
- serverAssetsContent . push ( `['${ file . path } ', async () => ${ JSON . stringify ( file . text ) } ]` ) ;
152
+ serverAssetsContent . push (
153
+ `['${ file . path } ', async () => ${ escapeUnsafeChars ( JSON . stringify ( file . text ) ) } ]` ,
154
+ ) ;
124
155
}
125
156
}
126
157
You can’t perform that action at this time.
0 commit comments