SSR nonce injection error: element.replace is not a function with non-string HTML elements #564

Closed
lawren opened this issue Nov 21, 2024 · 0 comments · Fixed by #565
Labels
bug Something isn't working

lawren commented Nov 21, 2024

Version

nuxt-security: v2.1.2
nuxt: v3.14.1592

Steps to reproduce

  1. Set up a Nuxt application with Nuxt Security enabled and a Content Security Policy (CSP) that includes a nonce for scripts, styles, and links.
  2. Add PrimeVue to the project and use a component like or any other PrimeVue component.
  3. Run the application in SSR mode (npm run dev or equivalent).

What is Expected?

The application should render properly in SSR mode, with nonce attributes applied to all script, style, and link tags without errors.

What is actually happening?

An error occurs during the rendering process:

element.replace is not a function

This happens because nuxt-security’s cspSsrNonce.ts script assumes all elements in html[section] are strings, but some elements injected by PrimeVue (or other third-party libraries) may not be strings, causing the replace method to fail.

An argument could be made that this should be fixed on PrimeVue's side, but I figured extra type security doesn't hurt here, and it seems the quickest path to getting everything working again.

See related issue reported on PrimeVue.
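
The failure described in this issue, next to a type-guarded variant, as an added example that is not part of the original issue or nuxt-security's source. The function names, the simplified tag regex and the sample `html` object are assumptions constructed for illustration.

```javascript
// Added illustration; names are hypothetical, not nuxt-security's source.
// Simplified matcher for opening <script>, <style> and <link> tags that
// do not already carry a nonce attribute.
const TAG_RE = /<(script|style|link)\b(?![^>]*\bnonce=)([^>]*)>/gi;

// Unguarded form: assumes every entry of html[section] is a string.
function injectNonceUnguarded(html, nonce) {
  for (const section of Object.keys(html)) {
    html[section] = html[section].map((element) =>
      element.replace(TAG_RE, `<$1 nonce="${nonce}"$2>`)
    );
  }
  return html;
}

// Guarded form: only strings are rewritten; any other entry passes through
// unchanged and is reported so the caller can log it.
function injectNonceGuarded(html, nonce) {
  const skipped = [];
  for (const section of Object.keys(html)) {
    html[section] = html[section].map((element, index) => {
      if (typeof element !== 'string') {
        skipped.push({ section, index, type: typeof element });
        return element;
      }
      return element.replace(TAG_RE, `<$1 nonce="${nonce}"$2>`);
    });
  }
  return { html, skipped };
}

// Constructed sample input: bodyAppend holds one non-string entry.
function sampleHtml() {
  return {
    head: ['<link rel="stylesheet" href="/a.css"><style>body{}</style>'],
    bodyAppend: ['<script src="/app.js"></script>', { constructed: true }],
  };
}

// Runs both forms on the same input and returns what each one did.
function demo() {
  let error = null;
  try {
    injectNonceUnguarded(sampleHtml(), 'CONSTRUCTED_NONCE');
  } catch (e) {
    error = e; // TypeError raised on the non-string entry
  }
  return { error, guarded: injectNonceGuarded(sampleHtml(), 'CONSTRUCTED_NONCE') };
}
```

Entries that are skipped receive no nonce, so the `skipped` list is worth logging: any tag such an entry later renders would not match a nonce-based CSP.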

@lawren lawren added the bug Something isn't working label Nov 21, 2024
vejja added a commit that referenced this issue Nov 22, 2024
fix: #564 resolves issue with element.replace on non-string elements
@vejja vejja closed this as completed in d51c300 Nov 22, 2024
lawren added a commit to lawren/nuxt-security that referenced this issue Nov 22, 2024
vejja added a commit that referenced this issue Nov 22, 2024
fix: #564 resolves issue with element.replace on non-string elements