1 parent 77ee19b commit b48ac2a
3 files changed
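--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -78,6 +78,7 @@
 "@rollup/plugin-node-resolve": "14.1.0",
 "@rollup/plugin-typescript": "^8.5.0",
 "@rollup/pluginutils": "^4.2.1",
+"@types/escape-html": "^1.0.0",
 "acorn": "^8.8.1",
 "acorn-walk": "^8.2.0",
 "cac": "^6.7.14",
@@ -92,6 +93,7 @@
 "dotenv": "^14.3.2",
 "dotenv-expand": "^5.1.0",
 "es-module-lexer": "^1.1.0",
+"escape-html": "^1.0.3",
 "estree-walker": "^3.0.1",
 "etag": "^1.8.1",
 "fast-glob": "^3.2.12",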
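--- a/packages/vite/src/node/server/middlewares/static.ts
+++ b/packages/vite/src/node/server/middlewares/static.ts
@@ -3,6 +3,7 @@ import type { OutgoingHttpHeaders, ServerResponse } from 'node:http'
 import type { Options } from 'sirv'
 import sirv from 'sirv'
 import type { Connect } from 'dep-types/connect'
+import escapeHtml from 'escape-html'
 import type { ViteDevServer } from '../..'
 import { FS_PREFIX } from '../../constants'
 import {
@@ -208,7 +209,7 @@ function renderRestrictedErrorHTML(msg: string): string {
 return html`
 <body>
 <h1>403 Restricted</h1>
-<p>${msg.replace(/\n/g, '<br/>')}</p>
+<p>${escapeHtml(msg).replace(/\n/g, '<br/>')}</p>
 <style>
 body {
 padding: 1em 2em;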
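Review bot: The new `<p>` line only works because `escapeHtml(msg)` runs before `.replace(/\n/g, '<br/>')`, and nothing in the hunk records that; a comment above it such as `// escape first: msg may contain untrusted text; <br/> is added after escaping so it stays markup` would keep a later refactor from swapping the two calls or dropping the escape. Judging by the need for this fix, the `html` tag does no escaping of its own, so any further `${...}` added to this template would again be interpolated raw. The commit lists only package.json, this file and the lockfile, so no regression test comes with it; one asserting that a message containing `<` and `&` is entity-encoded in the 403 body would pin the behaviour. renderRestrictedErrorHTML continues past the end of the hunk.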
pnpm-lock.yaml