Closed romandecker closed 4 years ago
Nice! Thanks for the report. Indeed we'll want the item set to only be a valid JSON object.
Oh I misread, I thought you were setting the whole item to a string with "" but I just realized you're setting just the 'name' property.
This should be released later today.
There's a potential XSS problem when using this library with server-side-rendering (which is arguably one of the most prominent use-cases to render json-ld):
This will result in an alert being shown when accessing http://localhost:2000. Here's a repo to quickly reproduce the issue: https://github.com/DeX3/react-schemaorg-ssr-xss-poc