Skip to content

fix: #564 resolves issue with element.replace on non-string elements#565

Merged
vejja merged 1 commit intoBaroshem:chore/2.1.3from
lawren:issue-564
Nov 22, 2024
Merged

fix: #564 resolves issue with element.replace on non-string elements#565
vejja merged 1 commit intoBaroshem:chore/2.1.3from
lawren:issue-564

Conversation

@lawren
Copy link
Copy Markdown
Contributor

@lawren lawren commented Nov 21, 2024

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

This PR fixes an issue in the cspSsrNonce.ts file where element.replace was called on non-string elements in the html[section] array during nonce injection. This caused a TypeError: element.replace is not a function in SSR mode when third-party libraries, such as PrimeVue, injected non-string elements.

The change introduces a type check to skip non-string elements, ensuring the rendering process doesn’t break and nonce attributes are properly applied to valid elements.

Why is this change required?
This resolves a crash in applications using Nuxt Security with SSR and libraries like PrimeVue.

Resolves: #564

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)
    • Tests are not applicable in this case since the change addresses runtime behavior with specific third-party library interactions. I did, however, verify existing tests.

@vercel
Copy link
Copy Markdown

vercel bot commented Nov 21, 2024

@lawren is attempting to deploy a commit to the Baroshem's projects Team on Vercel.

A member of the Team first needs to authorize it.

@lawren lawren mentioned this pull request Nov 21, 2024
Open
vejja
vejja approved these changes Nov 22, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@vejja vejja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vejja
Copy link
Copy Markdown
Collaborator

vejja commented Nov 22, 2024

@lawren would you be able to verify if it works now on your side ?
You can use the following stackblitz artefact in your package.json:

{
  "devDependencies": {
    "nuxt-security": "https://pkg.pr.new/Baroshem/[email protected]"
  }
}

@vejja vejja changed the base branch from main to chore/2.1.3 November 22, 2024 11:16
@vejja vejja merged commit 5f508b5 into Baroshem:chore/2.1.3 Nov 22, 2024
@vejja vejja mentioned this pull request Nov 22, 2024
Merged
6 tasks
@lawren
Copy link
Copy Markdown
Contributor Author

lawren commented Nov 22, 2024

@vejja verified! Looks good on my end. Really appreciate the quick response on this!

FYI, I just realized the same issue appears to be happening with SRI enabled as well. I am assuming it's the same issue, but just in another nitro plugin. Will try to look into it later today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vejja vejja vejja approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SSR nonce injection error: element.replace is not a function with non-string HTML elements

2 participants

@lawren @vejja