Commit Graph

6 Commits

Author SHA1 Message Date
Sebastian Markbåge 18875b2401 Remove special casing of toString values when enableTrustedTypesIntegration (#17774)
* Remove toString of dangerouslySetInnerHTML

As far as I can tell, the toString call was added here:

https://github.com/facebook/react/commit/caae627cd557812d28d11237b34bff6c661ea8bc#diff-5574f655d491348f422bca600ff6711dR887

It was never really needed. Subsequently when we added Trusted Types,
this needed to be changed to a special call but we really should just
always let it pass through.

* Remove special casing of toString values when enableTrustedTypesIntegration

As far as I can tell, we only toString in user space because of IE8/9.

We don't really support IE8/9 anymore and by the time this flag is on,
we should be able to deprecate it.

Unless this is also an issue in IE11. I haven't tested yet.
2020-01-08 14:40:07 -08:00
Krzysztof Kotowicz fdba0e5ce7 Fixed a bug with illegal invocation for Trusted Types (#17083)
* Fixed a bug with illegal invocation.

* Fixed the test.
2019-10-15 11:41:42 +01:00
Dan Abramov 8e0c574122 Follow-up to initial Trusted Types support (#16795)
* Follow-up to initial Trusted Types support

* Fast-path both strings and numbers

* Move shared objects out of every test
2019-09-17 16:06:26 +01:00
Emanuel Tesař b8d079b413 Add trusted types to react on client side (#16157)
* Add trusted types to react on client side

* Implement changes according to review

* Remove support for trusted URLs, change TrustedTypes to trustedTypes

* Add support for deprecated trusted URLs

* Apply PR suggesstions

* Warn only once, remove forgotten check, put it behind a flag

* Move comment

* Fix PR comments

* Fix html toString concatenation

* Fix forgotten else branch

* Fix PR comments
2019-09-16 13:43:22 +01:00
Héctor Ramos b87aabdfe1 Drop the year from Facebook copyright headers and the LICENSE file. (#13593) 2018-09-07 15:11:23 -07:00
Philipp Spieß a0190f828f Rename SafeValue to ToStringValue (#13376)
Following up on the changes I made in #13367, @gaearon suggest that
"safe" could be read as necessary for security. To avoid misleading a
reader, I'm changing the name.

A few names where discussed in the previous PR. I think `ToStringValue`
makes sense since the value itself is not a string yet but an opaque
type that can be cast to a string. For the actual string concatenation,
I've used `toString` now to avoid confusion: `toStringValueToString`
is super weird and it's namespaced anyhow.

Definitely open for suggestions here. :) I'll wait until we wrap up
#13362 and take care of rebase afterwards.
2018-08-13 14:58:59 +01:00