-
Notifications
You must be signed in to change notification settings - Fork 37
Open
Description
Hi, thanks for awesome work.
When reactR
used in Quarto HTML page and commited to github.
This will cause security problem like below.
*note, above image says that issue closed (since I changed to not use reactR
in that code)
To reproduce this, use below as contents of index.qmd
and render with quarto. (Which is example from readme)
```{r}
library(reactR)
library(htmltools)
browsable(tagList(
tags$div(id = "app"),
tags$script(
"
ReactDOM.render(
React.createElement(
'h1',
null,
'Powered by React'
),
document.getElementById('app')
)
"
),
#add core-js first to work in RStudio Viewer
html_dependency_corejs(),
html_dependency_react()
))
```
Actually, used the core-js-2.5.3
version of the javascript library will cause this problem.
and the code
html_dependency_corejs()
which is actually works as below
htmltools::htmlDependency(name = "core-js", version = "2.5.3",
src = c(file = system.file("www/core-js/", package = "reactR")),
script = "shim.min.js")
cause this.
to solve this. updating version from 2.5.3 to further version which is not use grunt-karma
as <=4.0.1 or latest(3.37.1) can be considered.
Note
I don't think core-js
is required any more o to work in Rstudio viewer at now (2024)
Thanks.
Metadata
Metadata
Assignees
Labels
No labels