Skip to content

Container API: render component contains a <script> tag will leak the local file path #13487

@drag0n-app

Description

@drag0n-app

Astro Info

Astro                    v5.5.4
Node                     v22.11.0
System                   macOS (arm64)
Package Manager          pnpm
Output                   server
Adapter                  @astrojs/node
Integrations             none

If this issue only occurs in one browser, which browser is a problem?

No response

Describe the Bug

I want to render an Astro component into a string and return it to the client. When I use renderToString() for rendering, if the Astro component contains a <script> tag, Astro renders it into a string like this:

<script type="module" src="/Users/xxx/projects/test/src/components/Item.astro?astro&type=script&index=0&lang.ts"></script>

This exposes my username to the client. Could an option be added, such as "ignoreScript" "delScript" or "noScript", to ignore the <script> tag and only render the HTML code and CSS styles?

Currently, I can only remove the contents of the <script> tag using regular expressions and then return the result.

Test code:

//src/pages/index.astro
---
import Item from '../components/Item.astro';
import { experimental_AstroContainer } from 'astro/container';


const container = await experimental_AstroContainer.create();
const html = await container.renderToString(Item, { props: { data: 'hello' } });
return new Response(html, { status: 200 });
---

//src/components/Item.astro
---
const {data} = Astro.props
---
<p>MODE: {import.meta.env.MODE}</p>
<p>{data}</p>
<script>console.log('hello')</script>

Build and preview:

<p>MODE: production</p> <p>hello</p> <script type="module" src="/Users/xxx/projects/test/src/components/Item.astro?astro&type=script&index=0&lang.ts"></script>

What's the expected result?

Remove the <script> tag or hide the local file path.

Link to Minimal Reproducible Example

https://stackblitz.com/edit/github-dqah1dbt?file=src%2Fpages%2Findex.astro

Participation

  • I am willing to submit a pull request for this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    needs triageIssue needs to be triaged

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions