Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: #564 resolves issue with element.replace on non-string elements #565

Merged
merged 1 commit into from
Nov 22, 2024
Merged

fix: #564 resolves issue with element.replace on non-string elements #565

merged 1 commit into from
Nov 22, 2024

Conversation

lawren
Copy link
Contributor

@lawren lawren commented Nov 21, 2024

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

This PR fixes an issue in the cspSsrNonce.ts file where element.replace was called on non-string elements in the html[section] array during nonce injection. This caused a TypeError: element.replace is not a function in SSR mode when third-party libraries, such as PrimeVue, injected non-string elements.

The change introduces a type check to skip non-string elements, ensuring the rendering process doesn’t break and nonce attributes are properly applied to valid elements.

Why is this change required?
This resolves a crash in applications using Nuxt Security with SSR and libraries like PrimeVue.

Resolves: #564

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)
    • Tests are not applicable in this case since the change addresses runtime behavior with specific third-party library interactions. I did, however, verify existing tests.

@vercel Vercel
Copy link

vercel bot commented Nov 21, 2024

@lawren is attempting to deploy a commit to the Baroshem's projects Team on Vercel.

A member of the Team first needs to authorize it.

@lawren lawren mentioned this pull request Nov 21, 2024
Open
vejja
vejja approved these changes Nov 22, 2024
View reviewed changes
Copy link
Collaborator

@vejja vejja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vejja
Copy link
Collaborator

vejja commented Nov 22, 2024

@lawren would you be able to verify if it works now on your side ?
You can use the following stackblitz artefact in your package.json:

{
  "devDependencies": {
    "nuxt-security": "https://pkg.pr.new/Baroshem/[email protected]"
  }
}

@vejja vejja changed the base branch from main to chore/2.1.3 November 22, 2024 11:16
@vejja vejja merged commit 5f508b5 into nuxt-modules:chore/2.1.3 Nov 22, 2024
4 of 5 checks passed
@vejja vejja mentioned this pull request Nov 22, 2024
Merged
6 tasks
@lawren
Copy link
Contributor Author

lawren commented Nov 22, 2024

@vejja verified! Looks good on my end. Really appreciate the quick response on this!

FYI, I just realized the same issue appears to be happening with SRI enabled as well. I am assuming it's the same issue, but just in another nitro plugin. Will try to look into it later today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vejja vejja vejja approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SSR nonce injection error: element.replace is not a function with non-string HTML elements
2 participants
@lawren @vejja