Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dev server error page: HTML in code comments gets rendered in error message (no escaping of <) #12191

Open
1 task
belluzj opened this issue Oct 11, 2024 · 0 comments · May be fixed by #12305
Open
1 task

Dev server error page: HTML in code comments gets rendered in error message (no escaping of <) #12191

belluzj opened this issue Oct 11, 2024 · 0 comments · May be fixed by #12305
Assignees
Labels
- P3: minor bug An edge case that only affects very specific usage (priority) feat: errors Related to error handling / messages (scope)

Comments

@belluzj
Copy link
Contributor

belluzj commented Oct 11, 2024

Astro Info

Astro                    v4.16.0
Node                     v18.20.3
System                   Linux (x64)
Package Manager          unknown
Output                   static
Adapter                  none
Integrations             @astrojs/vue

If this issue only occurs in one browser, which browser is a problem?

No response

Describe the Bug

It's a minor issue that only happens in development, so not a big deal.

This code in my editor with a syntax error:
image

Led to this dev stacktrace:
image

I made a StackBlitz, if you edit the code on the left you can see the input element blinking into existence on the page, and the window.alert() code seems to be run on the server (as it shows a hint about browser APIs?) which doesn't sound great because that code is in a comment in the original file.

https://stackblitz.com/edit/github-ncvven?file=src%2Fcomponents%2FCounter.vue

GIF of what I see on my screen:
344970260-0c0be2fa-6468-4315-ab8d-793ea11bc886

I initially made the report above some time ago, today I also recreated the same issue in an updated StackBlitz: https://stackblitz.com/edit/withastro-astro-qrcwoa?file=src%2Fcomponents%2FCounter.vue

This latest one has the latest versions of Astro and Vue, and its astro info is reported above.

What's the expected result?

Code in comments should not be rendered or executed.

Link to Minimal Reproducible Example

https://stackblitz.com/edit/withastro-astro-qrcwoa?file=src%2Fcomponents%2FCounter.vue

Participation

  • I am willing to submit a pull request for this issue.
@github-actions github-actions bot added the needs triage Issue needs to be triaged label Oct 11, 2024
@florian-lefebvre florian-lefebvre added - P3: minor bug An edge case that only affects very specific usage (priority) feat: errors Related to error handling / messages (scope) and removed needs triage Issue needs to be triaged labels Oct 22, 2024
@florian-lefebvre florian-lefebvre self-assigned this Oct 23, 2024
@florian-lefebvre florian-lefebvre linked a pull request Oct 25, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
- P3: minor bug An edge case that only affects very specific usage (priority) feat: errors Related to error handling / messages (scope)
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants