Double encodes html entities (`&`, ` `, etc) - Githubissues

slackhq / csp-html-webpack-plugin

A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.

MIT License

164 stars 39 forks source link

Double encodes html entities (`&`, ` `, etc) #125

Open eamodio opened 1 month ago

eamodio commented 1 month ago

Description

Describe your issue here.

What type of issue is this? (place an `x` in one of the `[ ]`)

[x] bug
[ ] enhancement (feature request)
[ ] question
[ ] documentation related
[ ] testing related
[ ] discussion

Requirements (place an `x` in each of the `[ ]`)

[x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
[x] I've read and agree to the Code of Conduct.
[x] I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

slackhq/csp-html-webpack-plugin version: v5.1.0

node version: v20.11.1

OS version(s): all

Seems to have broken sometime recently, I'm guessing it is related to https://github.com/slackhq/csp-html-webpack-plugin/pull/75

Steps to reproduce:

Have html entities (&,  , etc) in your html template file

Expected result:

Observe html entities are unaffected

Actual result:

Observe that they get double encoded, & becomes &amp;,   becomes &nbsp;

Attachments:

OSS project: https://github.com/gitkraken/vscode-gitlens can see when the settings.html file gets built (https://github.com/gitkraken/vscode-gitlens/blob/e3795f8a80eb43b91b3c7736d7705c6316b921f7/webpack.config.mjs#L323)

nzaytsev commented 1 month ago

It looks like it's caused by wrong version of cheerio transitive dependency. Version 1.0.0 is fetched by default when run npm i | yarn | pnpm i, but ^1.0.0-rc.5 is required