Skip to content

feat(core): whitelist styles with useHeadSafe() #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 14, 2025
Merged

feat(core): whitelist styles with useHeadSafe() #491

merged 2 commits into from
Feb 14, 2025

Conversation

harlan-zw
Copy link
Collaborator

@harlan-zw harlan-zw commented Feb 13, 2025
edited
Loading

πŸ”— Linked issue

❓ Type of change

  • πŸ“– Documentation (updates to the documentation or readme)
  • 🐞 Bug fix (a non-breaking change that fixes an issue)
  • πŸ‘Œ Enhancement (improving an existing functionality)
  • ✨ New feature (a non-breaking change that adds functionality)
  • 🧹 Chore (updates to the build process or auxiliary tools and libraries)
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

πŸ“š Description

Allows the use of styles with useHeadSafe() as modern browsers won't allow XSS injection in style tags.

While styles are permitted it's important to note that clickjacking is still possible. You should ensure that your styles are safe to use.

@github-actions GitHub Actions
Copy link
Contributor

Bundle Size Analysis

File Size Gzipped Size Size Diff Gzipped Size Diff
Client 12.5 kB (12834 B) 5 kB (5157 B) 0.00% (0 B) 0.00% ( 0 B)
Server 9.9 kB (10111 B) 4 kB (4072 B) 0.00% (0 B) 0.00% ( 0 B)

@harlan-zw harlan-zw merged commit e4b1ff6 into main Feb 14, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@harlan-zw