security(app-vite): do not leak currentScript when on SSR with Pinia/…

…Vuex
quasarframework · Jan 13, 2023 · 011320c · 011320c
1 parent e2cbde7
commit 011320c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app-vite/lib/modes/ssr/ssr-devserver.js b/app-vite/lib/modes/ssr/ssr-devserver.js
@@ -29,7 +29,7 @@ function resolvePublicFolder () {
 }
 
 const doubleSlashRE = /\/\//g
-const autoRemove = 'var currentScript=document.currentScript;currentScript.parentNode.removeChild(currentScript)'
+const autoRemove = 'document.currentScript.remove()'
 
 const ouchInstance = (new Ouch()).pushHandler(
   new Ouch.handlers.PrettyPageHandler('orange', null, 'sublime')

diff --git a/app-vite/templates/entry/ssr-prod-webserver.js b/app-vite/templates/entry/ssr-prod-webserver.js
@@ -65,7 +65,7 @@ function renderModulesPreload (modules) {
 }
 
 <% if (store && ssr.manualStoreSerialization !== true) { %>
-const autoRemove = 'var currentScript=document.currentScript;currentScript.parentNode.removeChild(currentScript)'
+const autoRemove = 'document.currentScript.remove()'
 
 function renderStoreState (ssrContext) {
   const nonce = ssrContext.nonce !== void 0