Dev server error page: HTML in code comments gets rendered in error message (no escaping of <) #12191
Labels
- P3: minor bug
An edge case that only affects very specific usage (priority)
feat: errors
Related to error handling / messages (scope)
Astro Info
If this issue only occurs in one browser, which browser is a problem?
No response
Describe the Bug
It's a minor issue that only happens in development, so not a big deal.
This code in my editor with a syntax error:
Led to this dev stacktrace:
I made a StackBlitz, if you edit the code on the left you can see the input element blinking into existence on the page, and the window.alert() code seems to be run on the server (as it shows a hint about browser APIs?) which doesn't sound great because that code is in a comment in the original file.
https://stackblitz.com/edit/github-ncvven?file=src%2Fcomponents%2FCounter.vue
GIF of what I see on my screen:
I initially made the report above some time ago, today I also recreated the same issue in an updated StackBlitz: https://stackblitz.com/edit/withastro-astro-qrcwoa?file=src%2Fcomponents%2FCounter.vue
This latest one has the latest versions of Astro and Vue, and its
astro info
is reported above.What's the expected result?
Code in comments should not be rendered or executed.
Link to Minimal Reproducible Example
https://stackblitz.com/edit/withastro-astro-qrcwoa?file=src%2Fcomponents%2FCounter.vue
Participation
The text was updated successfully, but these errors were encountered: