search

preactjs / wmr

👩‍🚀 The tiny all-in-one development tool for modern web apps.
https://wmr.dev/
MIT License
4.92k stars 109 forks source link

Prerender: regexp capturing group replaces any instance of $1 (etc.) #912

Closed danielweck closed 2 years ago

danielweck commented 2 years ago

Ouch! When the string $1 occurs anywhere in headHtml or body ... every instance of $1 gets replaced by the captured group:

https://github.com/preactjs/wmr/blob/11663db6104171bcebd434ad4443e1fcb3dcea68/packages/wmr/src/lib/prerender.js#L214

https://github.com/preactjs/wmr/blob/11663db6104171bcebd434ad4443e1fcb3dcea68/packages/wmr/src/lib/prerender.js#L217

I realised this when I injected hydration data into the HTML head, luckily so far none of my pre-rendered webpages' body markup contained $1 :)

danielweck commented 2 years ago

My current workaround: str.replace(/\$1/g, '$') works for result.html but fails for result.data as the escaped sequence doesn't actually get decoded by the browser.

developit commented 2 years ago

ah, good catch!