Following #23, #26, #29, #30 where we attempt to stop leaking sensitive information to React APIs (useState, useRef, useEffect, etc), this too addresses this problem by:
Stop leaking the LavaDome instance via useRef and instead keep it in a local variable in scope
Stop leaking the token as a useEffect dependency and instead replace it with a random useless matching identifier string (even though obtaining the token isn't really useful for attackers except for maybe being able to tell LavaDome what string to draw to screen - maybe)
Also, update demo app to easily trigger rerenders for tests
Following #23, #26, #29, #30 where we attempt to stop leaking sensitive information to React APIs (
useState,useRef,useEffect, etc), this too addresses this problem by:useRefand instead keep it in a local variable in scopeuseEffectdependency and instead replace it with a random useless matching identifier string (even though obtaining the token isn't really useful for attackers except for maybe being able to tell LavaDome what string to draw to screen - maybe)Also, update demo app to easily trigger rerenders for tests