Distinguished literals
Option to distinguish literal attributes and text nodes.
An option { literals: "functionName" } now wraps literal attribute
and text node values in a call to functionName("text", "context hint").
For background, "Options for Hardening React &| JSX" discusses ways to address XSS and crafted intents in JSX frameworks like React and React Native.
Desugar string literals in JSXAttributeValue and JSXText nodes so that they are clearly marked as specified by a trusted developer.
This should allow ReactDOM to prevent javascript: URLs that reach
(<a href={url}>Link</a>)
without preventing developers from doing something like
(<a href="javascript:doSomethingAwesome()">Link</a>)
This is meant to eventually interoperate with the trusted-types polyfill.
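
A sketch of the runtime side that such marking makes possible, added here as an example and not taken from this change, ReactDOM or the trusted-types polyfill. The names trustedLiteral, checkHref and BLOCKED are hypothetical, and the "a.href" context hint format is an assumption.

```javascript
// Added illustration only. trustedLiteral, checkHref and BLOCKED are hypothetical
// names; the "a.href" context-hint format is an assumption.
const minted = new WeakSet(); // objects created by trustedLiteral() and nothing else
const BLOCKED = 'about:blank#blocked'; // constructed placeholder for rejected URLs

class TrustedLiteral {
  constructor(text, contextHint) {
    this.text = text;
    this.contextHint = contextHint;
    Object.freeze(this);
    minted.add(this);
  }
  toString() { return this.text; }
}

// The function named in the transform option, e.g. { literals: "trustedLiteral" }.
// <a href="javascript:doSomethingAwesome()"> would desugar so that the href value
// is trustedLiteral("javascript:doSomethingAwesome()", <context hint>).
function trustedLiteral(text, contextHint) {
  return new TrustedLiteral(String(text), contextHint);
}

// Membership in the WeakSet, not object shape, decides trust, so an object that
// arrives via JSON or user input and merely looks like a literal is rejected.
function isTrustedLiteral(value) {
  return typeof value === 'object' && value !== null && minted.has(value);
}

// Approximate URL-parser normalisation before reading the scheme: drop leading
// C0 control/space characters and any embedded tab or newline.
function schemeOf(url) {
  const cleaned = String(url).replace(/^[\u0000-\u0020]+/, '').replace(/[\t\n\r]/g, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return match ? match[1].toLowerCase() : null;
}

// Sink-side check for href: literals pass unchanged, dynamic values may not
// carry a javascript: URL.
function checkHref(value) {
  if (isTrustedLiteral(value)) return value.text;
  const text = String(value);
  return schemeOf(text) === 'javascript' ? BLOCKED : text;
}
```

Trust is decided by where the value was created, so the same javascript: string is accepted when it comes from a literal and rejected when it arrives through {url}.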