Escaped html tag becomes unescaped unexpectedly

clvs7-gh commented 5 years ago

Description

If this plugin is enabled, escaped html (ex. '<' or '>' ) becomes unescaped. So, this behavior makes unexpected output, and maybe causes potential bug.

For example:

Before

<html>
<body>
&lt;h1&gt;This is not h1.&lt;h1&gt;
</body>
</html>

After

<html>
<body>
<h1>This is not h1.</h1>
</body>
</html>

Also I found below issue (cheerio's one). This plugin uses cheerio, so it seems below issue is root cause. https://github.com/cheeriojs/cheerio/issues/1219

Do you have any solutions?

What type of issue is this? (place an `x` in one of the `[ ]`)

[x] bug
[ ] enhancement (feature request)
[ ] question
[ ] documentation related
[ ] testing related
[ ] discussion

Requirements (place an `x` in each of the `[ ]`)

[x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
[x] I've read and agree to the Code of Conduct.
[x] I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

slackhq/csp-html-webpack-plugin version: 3.0.2

node version: v12.4.0

OS version(s): ArchLinux (latest)

Steps to reproduce:

Add new CspHtmlWebpackPlugin() to webpack config to enable this plugin
Build html which containing escaped html
Unescaped html will be out.
Remove (1.) config and rebuild
Escaped html will be out. So, I think this behavior is caused by this plugin,

Expected result:

Escaped html should be escaped.

Actual result:

Escaped html becomes unescaped.

Attachments:

My webpack config (plugins section):

        plugins: [
            new MiniCssExtractPlugin({
                filename: 'style/style-[hash].css'
            }),
            new HtmlWebpackPlugin({
                filename: 'index.html',
                template: path.join(__dirname, 'src', 'index.html')
            }),
            new CspHtmlWebpackPlugin(),
            new CopyWebpackPlugin([
                {from: path.join(__dirname, 'src', 'favicon.ico'), to: './'},
                {from: path.join(__dirname, 'src', 'images'), to: 'images'},
            ]),
        ]

AnujRNair commented 5 years ago

Hello! Thanks for reporting this issue At the moment, we are dependant on the cheerio library for processing our HTML -- if there is an issue in the cheerio library then this webpack plugin will be subject to its functionality too I will keep an eye on the linked issue - once it has been fixed there, I will upgrade cheerio so that this issue can be resolved.

AnujRNair commented 3 years ago

Fixed in https://github.com/slackhq/csp-html-webpack-plugin/pull/75

slackhq / csp-html-webpack-plugin