feat: [#0] Adds support for rendering HTML strings #1944
Conversation
…o add-support-for-server-rendering-html-strings
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if (!match[7] || match[7] === 'esm') { | ||
| resolvableCircularImports.push({ url, properties }); | ||
| } | ||
| newCodeStart += `let {${properties.map((property) => (property.alias ? `"${property.name.replace(/"/g, '\\"')}": ${property.alias}` : property.name)).join(', ')}} = $happy_dom.imports.get('${url}')${match[8]}`; |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
The best way to fix the issue is to ensure that both double quotes (") and backslashes (\) in the property name are escaped when embedding a property name within double quotes in generated JavaScript code. This should be done using a regular expression replacement that first escapes backslashes and then double quotes, in that order (str.replace(/\\/g, '\\\\').replace(/"/g, '\\"')). This is necessary to prevent any special meaning or accidental termination of the quoted string in the output. The fix is limited to line 269 in packages/happy-dom/src/module/ECMAScriptModuleCompiler.ts, within the map for property names. No new methods are needed; only the replacement logic in the string interpolation is changed, and no new imports are required.
| @@ -266,7 +266,7 @@ | ||
| if (!match[7] || match[7] === 'esm') { | ||
| resolvableCircularImports.push({ url, properties }); | ||
| } | ||
| newCodeStart += `let {${properties.map((property) => (property.alias ? `"${property.name.replace(/"/g, '\\"')}": ${property.alias}` : property.name)).join(', ')}} = $happy_dom.imports.get('${url}')${match[8]}`; | ||
| newCodeStart += `let {${properties.map((property) => (property.alias ? `"${property.name.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}": ${property.alias}` : property.name)).join(', ')}} = $happy_dom.imports.get('${url}')${match[8]}`; | ||
| } else if (importMatch[2]) { | ||
| // Import all as | ||
| newCodeStart += `const ${importMatch[2]} = $happy_dom.imports.get('${url}')${match[8]}`; |
| if (match[11]) { | ||
| newCode += match[0].replace(EXPORT_DEFAULT_REGEXP, ''); | ||
| newCodeEnd += `$happy_dom.exports.default = ${name};\n`; | ||
| } else { |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix the problem, change the string .replace('*', '') to use a regex with the global flag: .replace(/\*/g, ''). This ensures that all asterisks in the string are replaced, not just the first occurrence.
- Only update the specific line in
packages/happy-dom/src/module/ECMAScriptModuleCompiler.tswherematch[14].replace('*', '')occurs (line 333). - No new imports are required, as JavaScript RegExp literals are built-in.
| @@ -330,7 +330,7 @@ | ||
| ) { | ||
| // Export function or class type | ||
|
|
||
| const name = match[14].replace('*', ''); | ||
| const name = match[14].replace(/\*/g, ''); | ||
|
|
||
| if (name) { | ||
| if (match[11]) { |
| if (exportName && importName) { | ||
| exportCode.push(`$happy_dom.exports['${exportName}'] = ${importName}`); | ||
| } | ||
| } |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| : packageJson.exports[key].import; | ||
| if (importEntry) { | ||
| const regExp = new RegExp( | ||
| `^${key.replace('./', '').replace('.', '\\.').replace('*', '(.*)')}$` |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 12 days ago
To generically escape or encode all occurrences of the meta-character *, replace .replace('*', '(.*)') with .replace(/\*/g, '(.*)'). This ensures every occurrence of * in the key is handled, producing a regular expression that matches all wildcards in the package export key. The change should be made on line 160 in packages/happy-dom/src/module/ModuleURLUtility.ts. No additional imports or new library dependencies are required, as this uses native JavaScript RegExp functionality.
| @@ -157,7 +157,7 @@ | ||
| : packageJson.exports[key].import; | ||
| if (importEntry) { | ||
| const regExp = new RegExp( | ||
| `^${key.replace('./', '').replace('.', '\\.').replace('*', '(.*)')}$` | ||
| `^${key.replace('./', '').replace('.', '\\.').replace(/\*/g, '(.*)')}$` | ||
| ); | ||
| const match = subPath.match(regExp); | ||
| if (match) { |
| ); | ||
| const match = subPath.match(regExp); | ||
| if (match) { | ||
| const resolvedSubPath = importEntry.replace('./', '').replace('*', match[1]); |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 12 days ago
To correctly replace all instances of the asterisk (*) in importEntry, use the .replace() method with a global regular expression: .replace(/\*/g, match[1]). This change ensures that all wildcard characters are replaced with the intended value, not just the first occurrence. The fix should only modify line 164 within the method, updating the replacement logic. No new imports or definitions are required.
| @@ -161,7 +161,7 @@ | ||
| ); | ||
| const match = subPath.match(regExp); | ||
| if (match) { | ||
| const resolvedSubPath = importEntry.replace('./', '').replace('*', match[1]); | ||
| const resolvedSubPath = importEntry.replace('./', '').replace(/\*/g, match[1]); | ||
| const resolvedURL = `${baseURL}${packageName}/${resolvedSubPath}`; | ||
| this.nodeModuleResolveCache.set(url, resolvedURL); | ||
| return resolvedURL; |
No description provided.