by minitech
2354 days ago
Given a correct function that converts a JSON-representable value to embed-safe JSON, you can use it on the JSON to get your JSON.parse performance:

    const inlineJSON = data =>
        JSON.stringify(data)
            .replace(/\u2028/g, '\\u2028')
            .replace(/\u2029/g, '\\u2029')
            .replace(/</g, '\\x3c');

with:

    const escapedReduxStateJsonString = inlineJSON(JSON.stringify(data));

But yeah, the isolated <script> thing is usually even better (more compact in addition to the security benefit).
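An added example, not part of the comment above: it re-declares the comment's `inlineJSON` helper and checks that the double-stringified output contains no `<` or raw U+2028/U+2029 yet still round-trips through `JSON.parse`. The names `sampleState`, `buildScriptBody`, `roundTrip` and `window.__STATE__` are hypothetical, and the sample data is constructed.

```javascript
// The helper from the comment, repeated so this block runs on its own.
const inlineJSON = data =>
  JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029')
    .replace(/</g, '\\x3c');

// Constructed sample state holding every character the helper escapes.
const sampleState = {
  comment: 'closing tag </script> and comment opener <!--',
  note: 'line\u2028separator and paragraph\u2029separator',
};

// Build the body of an inline <script>: a JS string literal that holds
// JSON text, handed to JSON.parse at load time (hypothetical global name).
function buildScriptBody(data) {
  const literal = inlineJSON(JSON.stringify(data));
  return `window.__STATE__ = JSON.parse(${literal});`;
}

// Evaluate the emitted literal as JavaScript, as the page's script would,
// then parse the resulting JSON text back into a value.
function roundTrip(data) {
  const literal = inlineJSON(JSON.stringify(data));
  const jsonText = new Function(`return ${literal};`)();
  return JSON.parse(jsonText);
}

// True when the script body has nothing the HTML parser or an older
// JS parser would treat specially inside a <script> element.
function isEmbedSafe(scriptBody) {
  return !/[<\u2028\u2029]/.test(scriptBody);
}

console.log(buildScriptBody(sampleState));
console.log(isEmbedSafe(buildScriptBody(sampleState)));
console.log(roundTrip(sampleState));
```

Without the `<` replacement, the `</script>` inside `sampleState.comment` would end the script element before the JavaScript parser ever saw the string.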