pnp / sp-dev-fx-webparts

SharePoint Framework web part, Teams tab, personal app, app page samples
http://aka.ms/spfx-webparts
MIT License

react-script-editor - cannot add two body #5196

Closed RickyLeungFWD closed 1 week ago

RickyLeungFWD commented 1 month ago

Disclaimer

Yes

Sample

react-script-editor

Contributor(s)

@wobba @salascz @felixbohnacker

What happened?

And we are not looking for a perfect bug-prevention offering from the "Javascript Editor", but the two-tag issue indicates that the "Javascript Editor" has a high risk of insecure HTML code injection.

Steps to reproduce

1. Add the scripts to the "Script Editor", save, and publish

2. Open the page; the invalidly formatted HTML is loaded into the page.

[Screenshot: Javascript inject issue 02]

[Screenshot: javascript inject testing]

Expected behavior

Invalid HTML should not be loaded successfully.

Target SharePoint environment

SharePoint Online

Developer environment

Windows

Browsers

What version of Node.js is currently installed on your workstation?

we only is sharepoint online does not work

What version of Node.js is required by the sample?

we only is sharepoint online does not work

Paste the results of SPFx doctor

Run this on the SharePoint admin site?

Additional environment details

No response

wobba commented 1 month ago

😂 sorry for the laugh emoji, but this web part is all about script/html/css injection, and why you should not use it in the first place. Called out in the readme https://github.com/pnp/sp-dev-fx-webparts/blob/main/samples/react-script-editor/README.md#deploy-to-non-script-sites--modern-team-sites

And you can inject on any tag as the entire DOM is available.

RickyLeungFWD commented 6 days ago

> 😂 sorry for the laugh emoji, but this web part is all about script/html/css injection, and why you should not use it in the first place. Called out in the readme https://github.com/pnp/sp-dev-fx-webparts/blob/main/samples/react-script-editor/README.md#deploy-to-non-script-sites--modern-team-sites
>
> And you can inject on any tag as the entire DOM is available.

yes i understand