Support for #478
This new version updates the regular expressions in the 30-cspSsgHashes.ts file. The previous regular expression was not correctly capturing the content of inline script and style tags in all scenarios.
The old regular expression for inline scripts:
const INLINE_SCRIPT_RE = /<script(?![^>]?\bsrc="[\w:.-\/]+")[^>]>(.*?)</script>/gi
The updated regular expression:
const INLINE_SCRIPT_RE = /<script(?![^>]?\bsrc="[\w:.-\/]+")[^>]>([\s\S]?)</script>/gi;
The change from (.?) to ([\s\S]*?) ensures that the regular expression matches any character, including newlines, between the <script> and </script> tags. This change improves the accuracy of inline script content capture, ensuring that our CSP security hashes are correctly generated for all inline scripts.
What's Changed
- add per route csrf to docs by @moshetanzer in #471
- fix(csp): inline script/style have whitespace character by @hlhc in #478
New Contributors
- @moshetanzer made their first contribution in #471
- @hlhc made their first contribution in #478
Full Changelog: v2.0.0-rc.6...v2.0.0-rc.7