fix: #564 resolves issue with element.replace on non-string elements

[lawren]

Types of changes

• Bug fix (a non-breaking change which fixes an issue)
• New feature (a non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Description

This PR fixes an issue in the cspSsrNonce.ts file where element.replace was called on non-string elements in the html[section] array during nonce injection. This caused a TypeError: element.replace is not a function in SSR mode when third-party libraries, such as PrimeVue, injected non-string elements.

The change introduces a type check to skip non-string elements, ensuring the rendering process doesn’t break and nonce attributes are properly applied to valid elements.

Why is this change required?
This resolves a crash in applications using Nuxt Security with SSR and libraries like PrimeVue.

Resolves: #564

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes (if not applicable, please state why)
  • Tests are not applicable in this case since the change addresses runtime behavior with specific third-party library interactions. I did, however, verify existing tests.

[vercel]

@lawren is attempting to deploy a commit to the Baroshem's projects Team on Vercel.

A member of the Team first needs to authorize it.

[vejja]

LGTM

[vejja]

@lawren would you be able to verify if it works now on your side ?
You can use the following stackblitz artefact in your package.json:

{
  "devDependencies": {
    "nuxt-security": "https://pkg.pr.new/Baroshem/nuxt-security@d51c300.tgz"
  }
}

[lawren]

@vejja verified! Looks good on my end. Really appreciate the quick response on this!

FYI, I just realized the same issue appears to be happening with SRI enabled as well. I am assuming it's the same issue, but just in another nitro plugin. Will try to look into it later today.