npm - @sveltejs/kit - Versions diffs - 1.0.0-next.178 → 1.0.0-next.179 - Mend

@sveltejs/kit 1.0.0-next.178 → 1.0.0-next.179

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/assets/runtime/internal/start.js +1 -1
package/dist/cli.js +2 -2
package/dist/ssr.js +87 -53
package/package.json +1 -1

package/assets/runtime/internal/start.js CHANGED Viewed

@@ -412,7 +412,7 @@ function page_store(value) {
 function initial_fetch(resource, opts) {
 	const url = typeof resource === 'string' ? resource : resource.url;
-	let selector = `script[data-type="svelte-data"][data-url="${url}"]`;
+	let selector = `script[data-type="svelte-data"][data-url=${JSON.stringify(url)}]`;
 	if (opts && typeof opts.body === 'string') {
 		selector += `[data-body="${hash(opts.body)}"]`;

package/dist/cli.js CHANGED Viewed

@@ -817,7 +817,7 @@ async function launch(port, https) {
 	exec(`${cmd} ${https ? 'https' : 'http'}://localhost:${port}`);
 }
-const prog = sade('svelte-kit').version('1.0.0-next.178');
+const prog = sade('svelte-kit').version('1.0.0-next.179');
 prog
 	.command('dev')
@@ -966,7 +966,7 @@ async function check_port(port) {
 function welcome({ port, host, https, open }) {
 	if (open) launch(port, https);
-	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.178'}\n`));
+	console.log($.bold().cyan(`\n  SvelteKit v${'1.0.0-next.179'}\n`));
 	const protocol = https ? 'https:' : 'http:';
 	const exposed = typeof host !== 'undefined' && host !== 'localhost' && host !== '127.0.0.1';

package/dist/ssr.js CHANGED Viewed

@@ -106,7 +106,7 @@ async function render_endpoint(request, route, match) {
 var chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_$';
 var unsafeChars = /[<>\b\f\n\r\t\0\u2028\u2029]/g;
 var reserved = /^(?:do|if|in|for|int|let|new|try|var|byte|case|char|else|enum|goto|long|this|void|with|await|break|catch|class|const|final|float|short|super|throw|while|yield|delete|double|export|import|native|return|switch|throws|typeof|boolean|default|extends|finally|package|private|abstract|continue|debugger|function|volatile|interface|protected|transient|implements|instanceof|synchronized)$/;
-var escaped$1 = {
+var escaped = {
     '<': '\\u003C',
     '>': '\\u003E',
     '/': '\\u002F',
@@ -287,7 +287,7 @@ function getType(thing) {
     return Object.prototype.toString.call(thing).slice(8, -1);
 }
 function escapeUnsafeChar(c) {
-    return escaped$1[c] || c;
+    return escaped[c] || c;
 }
 function escapeUnsafeChars(str) {
     return str.replace(unsafeChars, escapeUnsafeChar);
@@ -306,8 +306,8 @@ function stringifyString(str) {
         if (char === '"') {
             result += '\\"';
         }
-        else if (char in escaped$1) {
-            result += escaped$1[char];
+        else if (char in escaped) {
+            result += escaped[char];
         }
         else if (code >= 0xd800 && code <= 0xdfff) {
             var next = str.charCodeAt(i + 1);
@@ -399,6 +399,85 @@ function hash(value) {
 	return (hash >>> 0).toString(36);
 }
+/** @type {Record<string, string>} */
+const escape_json_string_in_html_dict = {
+	'"': '\\"',
+	'<': '\\u003C',
+	'>': '\\u003E',
+	'/': '\\u002F',
+	'\\': '\\\\',
+	'\b': '\\b',
+	'\f': '\\f',
+	'\n': '\\n',
+	'\r': '\\r',
+	'\t': '\\t',
+	'\0': '\\0',
+	'\u2028': '\\u2028',
+	'\u2029': '\\u2029'
+};
+/** @param {string} str */
+function escape_json_string_in_html(str) {
+	return escape(
+		str,
+		escape_json_string_in_html_dict,
+		(code) => `\\u${code.toString(16).toUpperCase()}`
+	);
+}
+/** @type {Record<string, string>} */
+const escape_html_attr_dict = {
+	'<': '&lt;',
+	'>': '&gt;',
+	'"': '&quot;'
+};
+/**
+ * use for escaping string values to be used html attributes on the page
+ * e.g.
+ * <script data-url="here">
+ *
+ * @param {string} str
+ * @returns string escaped string
+ */
+function escape_html_attr(str) {
+	return '"' + escape(str, escape_html_attr_dict, (code) => `&#${code};`) + '"';
+}
+/**
+ *
+ * @param str {string} string to escape
+ * @param dict {Record<string, string>} dictionary of character replacements
+ * @param unicode_encoder {function(number): string} encoder to use for high unicode characters
+ * @returns {string}
+ */
+function escape(str, dict, unicode_encoder) {
+	let result = '';
+	for (let i = 0; i < str.length; i += 1) {
+		const char = str.charAt(i);
+		const code = char.charCodeAt(0);
+		if (char in dict) {
+			result += dict[char];
+		} else if (code >= 0xd800 && code <= 0xdfff) {
+			const next = str.charCodeAt(i + 1);
+			// If this is the beginning of a [high, low] surrogate pair,
+			// add the next two characters, otherwise escape
+			if (code <= 0xdbff && next >= 0xdc00 && next <= 0xdfff) {
+				result += char + str[++i];
+			} else {
+				result += unicode_encoder(code);
+			}
+		} else {
+			result += char;
+		}
+	}
+	return result;
+}
 const s$1 = JSON.stringify;
 // TODO rename this function/module
@@ -564,7 +643,9 @@ async function render_response({
 			${serialized_data
 				.map(({ url, body, json }) => {
-					let attributes = `type="application/json" data-type="svelte-data" data-url="${url}"`;
+					let attributes = `type="application/json" data-type="svelte-data" data-url=${escape_html_attr(
+						url
+					)}`;
 					if (body) attributes += ` data-body="${hash(body)}"`;
 					return `<script ${attributes}>${json}</script>`;
@@ -921,7 +1002,7 @@ async function load_node({
 									fetched.push({
 										url,
 										body: /** @type {string} */ (opts.body),
-										json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":${escape(body)}}`
+										json: `{"status":${response.status},"statusText":${s(response.statusText)},"headers":${s(headers)},"body":"${escape_json_string_in_html(body)}"}`
 									});
 								}
@@ -985,53 +1066,6 @@ async function load_node({
 	};
 }
-/** @type {Record<string, string>} */
-const escaped = {
-	'<': '\\u003C',
-	'>': '\\u003E',
-	'/': '\\u002F',
-	'\\': '\\\\',
-	'\b': '\\b',
-	'\f': '\\f',
-	'\n': '\\n',
-	'\r': '\\r',
-	'\t': '\\t',
-	'\0': '\\0',
-	'\u2028': '\\u2028',
-	'\u2029': '\\u2029'
-};
-/** @param {string} str */
-function escape(str) {
-	let result = '"';
-	for (let i = 0; i < str.length; i += 1) {
-		const char = str.charAt(i);
-		const code = char.charCodeAt(0);
-		if (char === '"') {
-			result += '\\"';
-		} else if (char in escaped) {
-			result += escaped[char];
-		} else if (code >= 0xd800 && code <= 0xdfff) {
-			const next = str.charCodeAt(i + 1);
-			// If this is the beginning of a [high, low] surrogate pair,
-			// add the next two characters, otherwise escape
-			if (code <= 0xdbff && next >= 0xdc00 && next <= 0xdfff) {
-				result += char + str[++i];
-			} else {
-				result += `\\u${code.toString(16).toUpperCase()}`;
-			}
-		} else {
-			result += char;
-		}
-	}
-	result += '"';
-	return result;
-}
 const absolute = /^([a-z]+:)?\/?\//;
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.178",
+  "version": "1.0.0-next.179",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",