React-redux window.initialReduxState does not escape angled brackets #110

New Issue

Closed

opened 2025-08-09 17:15:02 +00:00 by fergalmoran · 0 comments

fergalmoran commented 2025-08-09 17:15:02 +00:00

Owner

Copy Link

Originally created by @McAroon on 3/29/2018

When server prerendering is enabled, writing something like </script><script>alert(1)</script> into a redux state variable will result in script execution and page breakage.
Is there a way to fix this or if not what would be the best workaround?

*Originally created by @McAroon on 3/29/2018* When server prerendering is enabled, writing something like `</script><script>alert(1)</script>` into a redux state variable will result in script execution and page breakage. Is there a way to fix this or if not what would be the best workaround?

fergalmoran closed this issue 2025-08-09 17:15:02 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

rybrande/masterToSrc

pakrym/no-console-fb

release/2.2

pakrym/remove-obsole-api-usage

maestro/release/2.2

maestro/master

release/2.1

release/2.0

rybrande/MergeRelease21IntoDev

rel/2.0.0-extensions

angular-animations-example

fix-angular-material-publishing

rel/2.0.0-templates

httpwithstatetransfer-example

rel/2.0.0-preview2-templates

aspnet-webpack-react-2.x

angular4-prerender-data-example

version-1.x

angular2-lazy-loading-example

581-isomorphic-react-cookies-example

example-using-typescript-paths-for-494

v1.0.x

angular2-materialize-example

redux-typed-1-x

primeng-example

font-awesome-example

karma-testing-example

2.2.0

2.2.0-preview3

2.2.0-preview2

2.2.0-preview1

2.1.1

2.1.0

2.0.4

2.1.0-rc1-final

2.1.0-preview2-final

2.0.3

2.1.0-preview1-final

2.0.2

2.0.1

rel/2.0.0

rel/2.0.0-preview2

Labels

Clear labels

2 - Working

2 - Working

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

angular

angular

angular

angular

angular

bug

bug

bug

bug

bug

bug

bug

bug

bug

core

core

core

core

core

core

core

duplicate

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

external

external

P1

P1

P1

P1

P1

P1

P2

P2

P2

P2

P2

P2

P2

P2

P2

PRI: 1 - Required

react

react

task

task

up-for-grabs

up-for-grabs

up-for-grabs

waiting

waiting

waiting

waiting

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

fergalmoran

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/JavaScriptServices#110

No description provided.