Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malformed Style JavaScript objects put CSS in the global scope #3220

Open
matyasf opened this issue Jul 22, 2024 · 0 comments
Open

Malformed Style JavaScript objects put CSS in the global scope #3220

matyasf opened this issue Jul 22, 2024 · 0 comments
Labels
feature request needs triage

Comments

@matyasf
Copy link

matyasf commented Jul 22, 2024

The problem

Malformed CSS syntax makes Emotion behave in erroneous ways causing it to insert CSS into the global scope messing up styles (maybe also a security issue?)

Proposed solution

Make the JS parser fail/emit errors if the CSS value is invalid

How to reproduce

In this CodeSandbox: https://codesandbox.io/s/emotion-forked-2h978y?file=/index.js inspect the <style> tags inserted to to the <head> element, there is one in the global scope: :hover>[class$=-button]{background:red;} (easier to see in a new window here: https://2h978y.csb.app/ ) The reason is that the JS above it in the code is malformed: boxShadow: "11px 5px 5px red}" (notice the extra '}') which causes Emotion not to emit the full CSS selector which is something like .css-gvsb18-button:hover>[class$=-button]{background:red;}
@matyasf matyasf changed the title Malformed Style JavaScript objects put JS in the global scope Malformed Style JavaScript objects put CSS in the global scope Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matyasf