Following #23, #26, #29, #30 where we attempt to stop leaking sensitive information to React APIs (useState, useRef, useEffect, etc), this too addresses this problem by:
Stop leaking the LavaDome instance via useRef and instead keep it in a local variable in scope
Stop leaking the token as a useEffect dependency and instead replace it with a random useless matching identifier string (even though obtaining the token isn't really useful for attackers except for maybe being able to tell LavaDome what string to draw to screen - maybe)
Also, update demo app to easily trigger rerenders for tests
Following #23, #26, #29, #30 where we attempt to stop leaking sensitive information to React APIs (
useState
,useRef
,useEffect
, etc), this too addresses this problem by:useRef
and instead keep it in a local variable in scopeuseEffect
dependency and instead replace it with a random useless matching identifier string (even though obtaining the token isn't really useful for attackers except for maybe being able to tell LavaDome what string to draw to screen - maybe)Also, update demo app to easily trigger rerenders for tests